Several popular browsers, including Firefox 131.0.2, Firefox ESR 115.16.1, Firefox ESR 128.3.1, and Tor Browser 13.5.7, recently addressed a critical vulnerability (CVE-2024-9680) that could impact the processing of code when opening specially crafted web pages.
The vulnerability, linked to a memory release issue (use-after-free) in the implementation of the API animationtimeline, is used for syncing and controlling animated effects on web pages. Prior to the fixes provided by Mozilla and ESET, the vulnerability had already been exploited in 0-day attacks, making it a serious threat. Detailed information about the nature of the vulnerability has not been disclosed yet, but it is crucial for users to update their browsers to the latest versions to mitigate the risk of exploitation.