Unrated severityCISA KEVNVD Advisory· Published Oct 9, 2024· Updated Nov 3, 2025

CVE-2024-9680

Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Affected products

Mozilla Corporation/Firefoxv5
Range: unspecified
Mozilla Corporation/Thunderbirdv5
Range: unspecified
Mozilla/Firefox ESRv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugzilla.mozilla.org/show_bug.cgimitre
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039mitre
www.mozilla.org/security/advisories/mfsa2024-51/mitre
www.mozilla.org/security/advisories/mfsa2024-52/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.028
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060