Anyone using or having installed Firefox should update their browser as soon as possible. A specific vulnerability allows the browser to be exploited remotely.
The vulnerability was codenamed CVE-2024-9680 and is now actively exploited by hackers. Mozilla recommends updating to Firefox 131.0.2, Firefox ESR 128.3.1, or Firefox ESR 115.16.1 as soon as possible.
There are reports of use-after-free abuse in Firefox’s Animation timelines, but it is unclear how exactly the bug is being abused.
The fact is that the security flaw allows code to be executed remotely. This means that a hacker can manipulate the browser, for example by making the victim visit a hacked website. Sometimes, even opening the site is enough to bring in malware.
The good news is that Firefox updates automatically by default. For most users, the currently available patch will already be installed. If you have any doubts, you can click on ‘Help’, then on ‘About Firefox’ at the top right of the Firefox settings (the three dashes) and check the version there. If it is older than the versions mentioned above, it is advisable to install the latest version.
