Firefox Zero-Day Under Attack: Update Your Browser Immediately
thehackernews.com
Mozilla urges users to update Firefox after critical CVE-2024-9680 vulnerability is actively exploited.

In case someone missed this (i did :(, story from a week ago), forks also should be updated by now meow-floppy

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2024-9680 (CVSS score: 9.8), has been described as a use-after-free bug in the Animation timeline component.

The issue has been addressed in the following versions of the web browser -

Firefox 131.0.2
Firefox ESR 128.3.1, and
Firefox ESR 115.16.1.
    • Dudewitbow@lemmy.zip
      ·
      1 month ago

      windows was only the least safe because it had the largest user marketshare, therefore was more effective to target them.

      in the age where less people are using pcs and optimg for mobile, it makes more sense to target mobile, especially since its way more likely to have sensitive information than an arbitrary computer would.

  • EllenKelly [comrade/them]
    ·
    1 month ago

    This says 131.0.2 was out on october 9th, which is the day before the article you posted, hopefully we're all good

    https://www.mozilla.org/en-US/firefox/131.0.2/releasenotes/

    mine had already updated to 131.0.3

    • plinky [he/him]
      ·
      1 month ago

      Its mainly reminder for forks, like zen, librewolf etc. Or those who break autoupdate like me

  • 4am@lemm.ee
    ·
    1 month ago

    Has flatpak Firefox been updated yet? Last time I checked it was still (I think) 131.0 but that was a few days ago.

  • wheresmysurplusvalue [comrade/them]
    ·
    1 month ago

    I assume this also affects mobile Firefox like Firefox/Fennec for Android? The version of Fennec on F-Droid is like 2 months old.