cve/2024/CVE-2024-9680.md

### [CVE-2024-9680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9680)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20128.3.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20131.0.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20131.0.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use-after-free%20in%20Animation%20timeline&color=brighgreen)

### Description

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/PraiseImafidon/Version_Vulnerability_Scanner
- https://github.com/Sree-Ajitha/Sree-Ajitha
- https://github.com/Sree-Ajitha/Threat-Hunting-Playbooks
- https://github.com/giriaryan694-a11y/exposed-win-zero-days
- https://github.com/ltdenard/cve_lookup
- https://github.com/mwlik/v8-resources
- https://github.com/tdonaworth/Firefox-CVE-2024-9680