Critical Zero-Day Vulnerability CVE-2024-9680 Exploited in Firefox and Tor Browser

Critical Zero-Day Vulnerability CVE-2024-9680 Exploited in Firefox and Tor Browser

A critical security flaw, identified as CVE-2024-9680, has been actively exploited in the wild, impacting multiple versions of Mozilla Firefox and Tor Browser. The vulnerability, classified as a high-severity use-after-free issue in the Animation timeline component, enables attackers to execute arbitrary code, posing significant risks to users’ privacy and security. The flaw was first reported by cybersecurity firm ESET and has since been patched by Mozilla in Firefox versions 131.0.2, Firefox ESR 128.3.1, and 115.16.1. Following the Firefox patch, the Tor Browser also released an emergency update (version 13.5.7) to mitigate the issue.

Understanding CVE-2024-9680

CVE-2024-9680 is a “use-after-free” vulnerability that occurs when a program continues to use memory that has already been freed. In the context of Firefox, the bug lies in the handling of the Animation timeline, where the memory is not properly managed, potentially allowing malicious exploitation. Attackers can use this memory corruption to execute malicious code in the content process of the browser, which is responsible for rendering web content, handling scripts, and managing dynamic elements on web pages.

The flaw has been assigned a CVSS (Common Vulnerability Scoring System) score of 9.8 out of 10, indicating its criticality. The exploit requires no user interaction and can be carried out over the network with low complexity, making it a preferred target for threat actors.

Active Exploitation and Response

The vulnerability was disclosed to Mozilla by ESET, who provided a sample exploit chain demonstrating remote code execution capabilities. Mozilla responded swiftly by reverse-engineering the exploit and deploying a patch within 25 hours. This rapid response was necessary due to reports of the vulnerability being actively exploited in the wild. However, specific details about the threat actors behind these attacks or the methods used have not been disclosed.

According to Mozilla, the fix involved hardening the Animation timeline component to prevent similar use-after-free bugs from being exploited in the future. While this particular flaw has been resolved, Mozilla emphasized the ongoing efforts to further analyze the exploit and implement additional hardening measures.

Impact on Tor Browser

Since the Tor Browser is based on Firefox ESR (Extended Support Release), it was also vulnerable to CVE-2024-9680. Tor, known for its focus on privacy and anonymity, is often a target for attackers aiming to exploit vulnerabilities to compromise users’ systems. The emergency patch released in Tor Browser version 13.5.7 aims to protect users from this critical flaw. Despite the high risk, Tor’s maintainers have noted that while the vulnerability could allow attackers to take control of the browser, it is unlikely to deanonymize users in the Tails operating system. Tails is a secure, privacy-focused OS that leaves no trace on the host machine and routes all network traffic through the Tor network.

Mitigation Recommendations

To stay protected from CVE-2024-9680, users are strongly advised to:

  • Update Browsers Immediately: Ensure that Firefox is updated to at least version 131.0.2 and Tor Browser to version 13.5.7. Using the latest browser versions helps guard against known vulnerabilities that can be exploited.
  • Configure Tor Browser to ‘Safest’ Security Mode: Setting the Tor Browser’s security level to ‘Safest’ can help minimize the attack surface by disabling JavaScript and blocking dynamic content, such as animations, which are potential vectors for memory corruption exploits.
  • Avoid Unknown Websites: Users should exercise caution when visiting untrusted or unfamiliar websites, especially during periods of active exploitation. These sites could be leveraged for “watering hole” attacks or drive-by downloads to compromise vulnerable browsers.

Broader Implications

The CVE-2024-9680 exploit serves as a stark reminder that no software is immune to vulnerabilities. Browsers are prime targets for attackers, given their role in handling untrusted content. Use-after-free bugs are particularly dangerous in this context because they can lead to remote code execution, which may give attackers full control over a compromised system.

Mozilla’s rapid response to the discovery of this zero-day vulnerability demonstrates the importance of collaboration between security researchers and software vendors. By quickly addressing and patching vulnerabilities, developers can significantly reduce the window of opportunity for attackers to exploit critical flaws.

Using Armur as a Security Layer

Armur AI can serve as a valuable security layer in the context of vulnerabilities like CVE-2024-9680 by providing automated code scanning and security analysis tools. Using LLM-powered agents, Armur can detect critical flaws in browser codebases, such as use-after-free bugs, through its Static Application Security Testing (SAST) capabilities. By integrating Armur into the development workflow, organizations can identify potential vulnerabilities early, strengthen defenses against exploits, and proactively secure both AI-generated and manually written code, reducing the risks of zero-day attacks in browsers like Firefox and Tor.

Start securing your codebase today by signing up to Armur and get 100 free credits.

Conclusion

CVE-2024-9680 represents a critical threat to users of Firefox and Tor Browser, underscoring the importance of regular software updates and security awareness. While the immediate risk has been mitigated through recent patches, the continued efforts by Mozilla to strengthen the security of its browser components highlight the evolving nature of software vulnerabilities. Users are urged to remain vigilant, keep their software up-to-date, and implement best practices to reduce the likelihood of falling victim to similar exploits in the future.