VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qd17-z9b8-3bgx

Essentials
Severities (40)
References (41)
Severity details (13)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-qd17-z9b8-3bgx
Aliases	CVE-2024-9680
Summary	An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-416

Use After Free

System	Score	Found at
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9680.json
epss	0.10073	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.10073	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.10073	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.10073	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.11439	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.11439	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.11439	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.11439	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.11439	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.11439	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.11683	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.11683	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
epss	0.12889	https://api.first.org/data/v1/epss?cve=CVE-2024-9680
cvssv3.1	9.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
ssvc	Act	https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
cvssv3.1	7.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039
ssvc	Act	https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2024-9680
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2024-51
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2024-52
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2024-51/
ssvc	Act	https://www.mozilla.org/security/advisories/mfsa2024-51/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2024-52/
ssvc	Act	https://www.mozilla.org/security/advisories/mfsa2024-52/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9680.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-9680
		https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281992
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9680
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2024/10/msg00005.html
1084989		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084989
2317442		https://bugzilla.redhat.com/show_bug.cgi?id=2317442
cpe:2.3:a:mozilla:firefox:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::-:::*
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:a:mozilla:thunderbird:131.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:131.0:::::::*
cpe:2.3:o:debian:debian_linux:11.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:::::::*
CVE-2024-49039		https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039
CVE-2024-9680		https://nvd.nist.gov/vuln/detail/CVE-2024-9680
mfsa2024-51		https://www.mozilla.org/en-US/security/advisories/mfsa2024-51
mfsa2024-51		https://www.mozilla.org/security/advisories/mfsa2024-51/
mfsa2024-52		https://www.mozilla.org/en-US/security/advisories/mfsa2024-52
mfsa2024-52		https://www.mozilla.org/security/advisories/mfsa2024-52/
RHSA-2024:7958		https://access.redhat.com/errata/RHSA-2024:7958
RHSA-2024:7977		https://access.redhat.com/errata/RHSA-2024:7977
RHSA-2024:8024		https://access.redhat.com/errata/RHSA-2024:8024
RHSA-2024:8025		https://access.redhat.com/errata/RHSA-2024:8025
RHSA-2024:8026		https://access.redhat.com/errata/RHSA-2024:8026
RHSA-2024:8027		https://access.redhat.com/errata/RHSA-2024:8027
RHSA-2024:8028		https://access.redhat.com/errata/RHSA-2024:8028
RHSA-2024:8029		https://access.redhat.com/errata/RHSA-2024:8029
RHSA-2024:8030		https://access.redhat.com/errata/RHSA-2024:8030
RHSA-2024:8031		https://access.redhat.com/errata/RHSA-2024:8031
RHSA-2024:8032		https://access.redhat.com/errata/RHSA-2024:8032
RHSA-2024:8033		https://access.redhat.com/errata/RHSA-2024:8033
RHSA-2024:8034		https://access.redhat.com/errata/RHSA-2024:8034
RHSA-2024:8131		https://access.redhat.com/errata/RHSA-2024:8131
RHSA-2024:8166		https://access.redhat.com/errata/RHSA-2024:8166
RHSA-2024:8167		https://access.redhat.com/errata/RHSA-2024:8167
RHSA-2024:8176		https://access.redhat.com/errata/RHSA-2024:8176
RHSA-2024:9552		https://access.redhat.com/errata/RHSA-2024:9552
RHSA-2024:9554		https://access.redhat.com/errata/RHSA-2024:9554
show_bug.cgi?id=1923344		https://bugzilla.mozilla.org/show_bug.cgi?id=1923344
USN-7065-1		https://usn.ubuntu.com/7065-1/
USN-7066-1		https://usn.ubuntu.com/7066-1/

Data source	KEV
Date added	Oct. 15, 2024
Description	Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.
Required action	Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date	Nov. 5, 2024
Note	https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-9680
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9680.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1923344

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-10-16T12:58:45Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1923344

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-10-16T12:58:45Z/ Found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-9680

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-51/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-10-16T12:58:45Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-51/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2024-52/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-10-16T12:58:45Z/ Found at https://www.mozilla.org/security/advisories/mfsa2024-52/

Exploit Prediction Scoring System (EPSS)

Percentile	0.92794
EPSS Score	0.10073
Published At	Sept. 9, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:03.668652+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2024/mfsa2024-51.yml	37.0.0