Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks.
The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines.
This type of flaw occurs when memory that has been freed is still used by the program, allowing malicious actors to add their own malicious data to the memory region to perform code execution.
Animation timelines, part of Firefox's Web Animations API, are a mechanism that controls and synchronizes animations on web pages.
"An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines," reads the security bulletin.
Given the active exploitation status for CVE-2024-9680 and the lack of any information on how people are targeted, upgrading to the latest versions is essential.