On October 12, Mozilla released the Firefox 131.0.2 update to address a critical zero-day vulnerability that has been actively exploited, marking the first such issue detected in the browser this year. The security flaw, identified as CVE-2024-9680, involves a use-after-free (UAF) vulnerability in CSS animations, which could allow attackers to inject and execute arbitrary malicious code. Researcher Damien Schaeffer from ESET uncovered the vulnerability, but Mozilla has withheld specific details about the extent of the attacks and their impact.
Firefox typically updates automatically, but users who haven’t yet received the 131.0.2 update can manually check for updates via the Help > About Firefox menu. In addition to this release, Mozilla has also provided security updates for the Extended Support Release (ESR) editions of Firefox and the Tor Browser. The latest versions—Firefox ESR 115.16.1, Firefox ESR 128.3.1, and Tor Browser 13.5.7—have integrated the fix for CVE-2024-9680, ensuring users remain protected against potential threats.
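To check a fleet against the fixed versions listed above, the following added example (not from Mozilla or the original article) classifies inventory rows by whether the reported version includes the fix for CVE-2024-9680. The product labels, host names and inventory format are constructed for illustration, and the handling of branches the article does not list is an assumption noted in the code.

```python
import re

# Fixed versions for CVE-2024-9680 as listed in the article, per product.
FIXED = {
    "firefox": [(131, 0, 2)],
    "firefox-esr": [(115, 16, 1), (128, 3, 1)],
    "tor-browser": [(13, 5, 7)],
}

def parse_version(text):
    """'128.3.1esr' -> (128, 3, 1); None if not a dotted-numeric version."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:esr)?", text.strip().lower())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad '131.0' to (131, 0, 0)

def has_fix(product, version_text):
    """True/False when decidable, None for an unknown product or version."""
    fixed, version = FIXED.get(product), parse_version(version_text)
    if fixed is None or version is None:
        return None
    # ESR has two fixed branches: compare against the one with the same major.
    same_branch = [f for f in fixed if f[0] == version[0]]
    if same_branch:
        return version >= same_branch[0]
    # Assumption: only a major newer than every listed branch ships the fix.
    return version[0] > max(f[0] for f in fixed)

# Constructed sample inventory: host, product label, reported version.
SAMPLE = """\
ws-01 firefox 131.0.2
ws-02 firefox 130.0.1
ws-03 firefox-esr 115.16.0esr
ws-04 firefox-esr 128.3.1esr
ws-05 tor-browser 13.5.6
ws-06 tor-browser 14.0a9
"""

def audit(inventory):
    report = {"patched": [], "needs_update": [], "unknown": []}
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed rows
        host, product, version = fields
        verdict = has_fix(product, version)
        key = "unknown" if verdict is None else ("patched" if verdict else "needs_update")
        report[key].append(host)
    return report
```

Rows that land in `unknown` (here a pre-release version string) need a manual look rather than being counted as patched.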