Russian APT RomCom chains Firefox and Windows zero-day flaws in drive-by exploits

When a victim visits the redirect page, malicious JavaScript exploits a use-after-free memory vulnerability in Firefox's animation timelines feature. The flaw, now tracked as CVE-2024-9680, was patched on October 9, one day after ESET researchers reported it to Mozilla. The vulnerability is rated critical with a CVSS score of 9.8 and allows code execution inside the Firefox content process; in this campaign the executed payload is a malicious DLL.

“Mozilla released a fix for the vulnerability in Firefox 131.0.2, Firefox ESR 128.3.1, and Firefox ESR 115.16.1 on October 9, 2024,” ESET researchers said. “In fact, pointers to animation objects handled by the timeline are now implemented via reference-counted pointers (RefPtr), as the diff suggests, which prevents the animation from being freed, as the timeline in Animation::Tick will still hold a reference to those.”
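The fix pattern the quote describes, as an added illustration that is not Firefox or ESET code: a constructed timeline model where a tick callback removes an animation mid-tick, and the tick loop survives because it holds its own reference-counted pointer (std::shared_ptr standing in for Gecko's RefPtr). Animation, Timeline, onTick and RunScenario are assumed names.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <string>
#include <vector>

// Constructed model (not Firefox code): a timeline owns animations and ticks
// them; a tick callback may remove an animation, dropping that ownership
// while Tick() is still executing on the object.
struct Animation {
    std::string name;
    std::vector<std::string>* log = nullptr;    // records tick/destroy order
    std::function<void(Animation&)> onTick;     // assumed hook run during a tick
    ~Animation() { log->push_back("destroyed " + name); }
    void Tick() {
        log->push_back("tick " + name);
        if (onTick) onTick(*this);
        // With a raw pointer, a callback that removed `this` would leave the
        // rest of Tick() touching freed memory: the use-after-free shape.
        log->push_back("after-tick " + name);   // safe: a strong ref is held
    }
};

struct Timeline {
    std::vector<std::shared_ptr<Animation>> animations;  // the owning list

    void Remove(const Animation* a) {
        animations.erase(std::remove_if(animations.begin(), animations.end(),
            [a](const std::shared_ptr<Animation>& p) { return p.get() == a; }),
            animations.end());
    }

    // Hardened tick: take a reference-counted pointer to each animation for
    // the duration of the tick, so Remove() from inside a callback cannot free
    // the object until the loop lets go of it.
    void Tick() {
        std::vector<std::shared_ptr<Animation>> held = animations;
        for (const auto& anim : held) anim->Tick();
    }   // `held` released here; anything removed during the tick is freed now
};

// Scenario: animation "a" removes itself from the timeline during its tick.
std::vector<std::string> RunScenario() {
    std::vector<std::string> log;
    Timeline tl;
    auto a = std::make_shared<Animation>();
    a->name = "a"; a->log = &log;
    a->onTick = [&tl](Animation& self) { tl.Remove(&self); };
    auto b = std::make_shared<Animation>();
    b->name = "b"; b->log = &log;
    tl.animations = {a, b};
    a.reset(); b.reset();   // the timeline is now the only owner
    tl.Tick();
    tl.animations.clear();  // release the survivor deterministically
    return log;
}
```

The log shows "destroyed a" only after both ticks complete, which is exactly the ordering the RefPtr change enforces.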

Elevation of privilege flaw in Windows Task Scheduler

Firefox’s content process is sandboxed at an untrusted privilege level, meaning that attackers could not execute code on the underlying operating system by exploiting Firefox alone.