Mozilla recently released the Firefox 131.0.2 update to address a critical zero-day security flaw that is actively being exploited by attackers. This vulnerability, identified as CVE-2024-9680, involves a use-after-free (UAF) vulnerability in CSS animations, which could allow attackers to inject and run malicious code on affected systems.
The discovery of this zero-day vulnerability by ESET researcher Damien Schaeffer marks the first such vulnerability found in Firefox this year. While Mozilla has not disclosed specific details about the attacks exploiting this flaw, the release of the update aims to protect users from potential risks.
Users are encouraged to update their Firefox browser to version 131.0.2 as soon as possible. Although Firefox typically updates automatically, users can manually check for updates by navigating to the Help > About Firefox menu. Additionally, Mozilla has released security updates for Firefox ESR 115.16.1, Firefox ESR 128.3.1, and Tor Browser 13.5.7 to address the same vulnerability.
For users on older operating systems such as Windows and macOS, Firefox ESR 115 will continue to receive security updates until at least March 2025. Meanwhile, users on more recent OS versions can opt for the Firefox ESR 128 branch for a more stable browsing experience.
The Tor Browser, based on Firefox ESR 115.16, has also been updated to include the security fix from Firefox 131.0.2, ensuring that Tor users are protected from potential exploits. In addition to keeping software up to date, users are advised to use reputable antivirus software to enhance overall PC security.
By staying informed about the latest security updates and taking proactive measures to protect their systems, users can mitigate the risks associated with zero-day vulnerabilities and other potential threats. Keeping browsers and software up to date is essential in maintaining a secure online experience.
