WID-SEC-W-2024-3138
PUBLISHED
CVSS 9.3 CRITICAL
Firefox is an open source web browser. ESR is the variant with extended support.
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <131.0.2 |
| RESF | Rocky Linux | |
| Mozilla | Thunderbird | 131.0.1 |
| Debian | Linux | |
| IGEL | OS | 11 |
| Mozilla | Thunderbird | 115.16 |
| Amazon | Linux | 2 |
| IGEL | OS | 12 |
| Gentoo | Linux | |
| Mozilla | Firefox ESR | 115.16.1 |
| Mozilla | Thunderbird | 128.3.1 |
| Mozilla | Firefox ESR | 128.3.1 |
| Mozilla | Thunderbird | <128.3.1 |
| Mozilla | Firefox ESR | <115.16.1 |
| Mozilla | Firefox ESR | <128.3.1 |
| Mozilla | Thunderbird | <131.0.1 |
| Mozilla | Firefox | 131.0.2 |
| Mozilla | Thunderbird | <115.16 |
| Red Hat | Enterprise Linux | |
| Oracle | Linux | |
Exploit Intelligence
- Firefox/Tor Browser 0day exploit analysis (CVE-2024-9680) A UAF in animation timelines leading to RCE. Patched. (github-poc-repo)
- Firefox/Tor Browser 0day exploit analysis (CVE-2024-9680) A UAF in animation timelines leading to RCE. Patched. (github-poc)
- A vulnerability scanner for Firefox and Thunderbird that checks if your versions are out of date and susceptible to CVE-2024-9680. (github-poc)
- tdonaworth/Firefox-CVE-2024-9680 (github-poc)
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3138.json (circl)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3138 (circl)
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ (circl)
- https://github.com/advisories/GHSA-hm3j-qgpw-pj98 (circl)
- https://access.redhat.com/security/cve/cve-2024-9680 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=2317442 (circl)
…and 45 more exploits
Timeline
- Oct 9, 2024 CVE Published
- Dec 15, 2024 CVE Updated
- Apr 29, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3138.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3138 advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ url
- https://github.com/advisories/GHSA-hm3j-qgpw-pj98 url
- https://access.redhat.com/security/cve/cve-2024-9680 url
- https://bugzilla.redhat.com/show_bug.cgi?id=2317442 url
- https://linux.oracle.com/errata/ELSA-2024-7958.html url
- https://access.redhat.com/errata/RHSA-2024:7958 url
- https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html url
- https://access.redhat.com/errata/RHSA-2024:7977 url
- https://lists.debian.org/debian-security-announce/2024/msg00202.html url
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-52/ url
- https://ubuntu.com/security/notices/USN-7066-1 url
- https://linux.oracle.com/errata/ELSA-2024-8025.html url
- http://linux.oracle.com/errata/ELSA-2024-7977.html url
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VKFD7S6F6RRLVUZWNFLQRZFCCQWLS5QT/ url
- https://linux.oracle.com/errata/ELSA-2024-8024.html url
- https://rhn.redhat.com/errata/RHSA-2024:8024.html url
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/AQJ3XOB6U4CW4OJK2Z23QX2WVYIDVX7K/ url
- https://rhn.redhat.com/errata/RHSA-2024:8025.html url
…and 23 more