cybersecurity

3299 readers

73 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

RomCom exploits Firefox and Windows zero days in the wild (www.welivesecurity.com)

submitted 21 hours ago by Joker@sh.itjust.works to c/cybersecurity@infosec.pub

1 comments fedilink hide all child comments

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit

top 1 comments

sorted by: hot top controversial new old

[–] Telorand@reddthat.com 11 points 19 hours ago

Tldr:

Analysis of the exploit led to the discovery of the vulnerability, now assigned CVE-2024-9680: a use-after-free bug in the animation timeline feature in Firefox. Mozilla patched the vulnerability on October 9th, 2024.

Further analysis revealed another zero-day vulnerability in Windows: a privilege escalation bug, now assigned CVE‑2024‑49039, that allows code to run outside of Firefox’s sandbox. Microsoft released a patch for this second vulnerability on November 12th, 2024.

If you're up to date on your security patches, you're fine.