CVE-2024-9680
Publication date 10 October 2024
Last updated 10 October 2024
Ubuntu priority
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Vulnerable
|
|
mozjs102 | 24.04 LTS noble | Ignored |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Not in release | |
mozjs115 | 24.04 LTS noble | Ignored |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
mozjs38 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Needs evaluation
|
|
mozjs52 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored | |
18.04 LTS bionic | Ignored | |
mozjs68 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored | |
mozjs78 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Not in release | |
mozjs91 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Ignored | |
20.04 LTS focal | Not in release | |
thunderbird | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Vulnerable
|
|
20.04 LTS focal |
Vulnerable
|
Notes
mdeslaur
mozjs* contain a copy of the SpiderMonkey JavaScript engine. It is not feasible to backport security fixes to the mozjs* packages, as such, marking them as ignored. starting with Ubuntu 22.04, the firefox package is just a script that installs the Firefox snap starting with Ubuntu 24.04, the thunderbird package is just a script that installs the Thunderbird snap