IronSmithIntel

Severity: Critical (CVSS 9.8) | Actively Exploited | CISA KEV | CVE-2024-9680 | Auth: none (visiting a malicious website is sufficient) | Reboot: not required | Est. 5 minutes (browser update, no reboot required) | Manual only

Mozilla Firefox < 131.0.2 — RCE

A use-after-free in Firefox's animation timeline processing allows remote code execution within the browser sandbox. Update to Firefox 131.0.2 immediately — exploited in the wild as a zero-day.

Published Oct 9, 2024 · Updated May 10, 2026
Why patch: risk explained in plain English

Worst-case scenario (if unpatched)

An attacker who hosts a malicious website can achieve code execution in the Firefox renderer process. Combined with a sandbox escape, this can lead to full system compromise. Even without sandbox escape, the attacker can steal browser data, session cookies, and saved passwords.

How the attack works (no clicks needed)

Firefox has a use-after-free vulnerability in the handling of CSS animation timelines. When a web page creates an animation and then manipulates the timeline in a specific sequence, Firefox accesses freed memory, allowing an attacker-controlled web page to corrupt heap memory and achieve code execution within the Firefox process.

Attack vectors: phishing link, malicious file, compromised server

Am I affected? Quick check

Probably yes if any of these apply:

All Windows users with Firefox
IT Administrators
Desktop Support
Running Firefox prior to 131.0.2, Firefox ESR prior to 128.3.1, Firefox ESR prior to 115.16.1

Affected OS versions

Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Fixed in: Firefox 131.0.2 / Firefox ESR 128.3.1 / Firefox ESR 115.16.1

Real-world incidents: what we've seen

Mozilla disclosed and patched CVE-2024-9680 as an out-of-band emergency update on October 9, 2024. CISA added it to the Known Exploited Vulnerabilities catalog on October 11, 2024. Mozilla credited ESET for reporting and noted the vulnerability was being actively exploited in the wild. The fix was available within hours of Mozilla being notified.

How to patch

Manual remediation steps

5 minutes (browser update, no reboot required)

Check Firefox Version

# Check installed version:
$ffPath = "C:\Program Files\Mozilla Firefox\firefox.exe"
if (Test-Path $ffPath) {
  (Get-Item $ffPath).VersionInfo.FileVersion
}

# Or check via registry:
Get-ItemProperty "HKLM:\SOFTWARE\Mozilla\Mozilla Firefox" -ErrorAction SilentlyContinue |
  Select-Object CurrentVersion

Update Firefox Immediately

# Option 1: Open Firefox and navigate to:
# Help > About Firefox > Check for Updates

# Option 2: Use winget (if available):
winget upgrade Mozilla.Firefox

# Option 3: Download Firefox 131.0.2 installer from https://www.mozilla.org/firefox/

Verify the Update

(Get-Item "C:\Program Files\Mozilla Firefox\firefox.exe").VersionInfo.FileVersion
# Must show 131.0.2 or later

Enterprise Deployment (Group Policy / SCCM)

# Download the MSI from https://www.mozilla.org/en-US/firefox/enterprise/
# Deploy via SCCM or Intune as a software update
# Or use the Mozilla ADMX templates to enforce auto-update

PowerShell automation (coming soon)

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.
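Until that script exists, the following is an added example (not IronSmithIntel's script) that combines the file and registry checks from the manual steps above and compares the installed build against the fixed version for its branch, covering the ESR 115 and ESR 128 lines listed under "Am I affected?" as well as the release channel. The default install path and registry key are the ones used in the manual steps; the branch is inferred from the major version number.

```powershell
# Added example (not IronSmithIntel's script): report whether an installed
# Firefox build is still exposed to CVE-2024-9680, using the fixed versions
# from this advisory. Branch is inferred from the major version:
#   115.x -> ESR 115, fixed in 115.16.1
#   128.x -> ESR 128, fixed in 128.3.1
#   anything else -> release channel, fixed in 131.0.2
function Test-FirefoxCve20249680 {
    param(
        # Version string as reported by firefox.exe or the registry, e.g.
        # "131.0.1", "128.3.0esr" or "115.16.1 (x64 en-US)".
        [Parameter(Mandatory)][string]$VersionString
    )
    # Keep only the leading dotted numeric part; "esr" and locale suffixes
    # would otherwise break [version] parsing.
    if ($VersionString -notmatch '^\s*(\d+(?:\.\d+){1,3})') {
        throw "Unrecognised Firefox version string: '$VersionString'"
    }
    $installed = [version]$Matches[1]
    switch ($installed.Major) {
        115     { $branch = 'ESR 115'; $fixed = [version]'115.16.1' }
        128     { $branch = 'ESR 128'; $fixed = [version]'128.3.1' }
        default { $branch = 'Release'; $fixed = [version]'131.0.2' }
    }
    [pscustomobject]@{
        Installed  = $installed
        Branch     = $branch
        FixedIn    = $fixed
        Vulnerable = ($installed -lt $fixed)   # $true means update now
    }
}

# Gather the version from the same two places the manual check uses.
$candidates = @()
$exe = 'C:\Program Files\Mozilla Firefox\firefox.exe'
if (Test-Path $exe) {
    $candidates += (Get-Item $exe).VersionInfo.FileVersion
}
$reg = Get-ItemProperty 'HKLM:\SOFTWARE\Mozilla\Mozilla Firefox' -ErrorAction SilentlyContinue
if ($reg -and $reg.CurrentVersion) { $candidates += $reg.CurrentVersion }

if (-not $candidates) {
    Write-Output 'Firefox not found at the default path or in the registry.'
} else {
    $candidates | ForEach-Object { Test-FirefoxCve20249680 $_ } | Format-Table -AutoSize
}
```

A four-part file version such as 131.0.2.nnnn compares as greater than 131.0.2, so a patched build with a build number is correctly reported as not vulnerable.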