An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
{ "binaries": [ { "binary_version": "52.9.1-0ubuntu0.18.04.1", "binary_name": "libmozjs-52-0" }, { "binary_version": "52.9.1-0ubuntu0.18.04.1", "binary_name": "libmozjs-52-dev" } ], "priority_reason": "Listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog for Firefox" }
{ "binaries": [ { "binary_version": "38.8.0~repack1-0ubuntu4", "binary_name": "libmozjs-38-0" }, { "binary_version": "38.8.0~repack1-0ubuntu4", "binary_name": "libmozjs-38-dev" } ], "priority_reason": "Listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog for Firefox" }
{ "binaries": [ { "binary_version": "131.0.2+build1-0ubuntu0.20.04.1", "binary_name": "firefox" }, { "binary_version": "131.0.2+build1-0ubuntu0.20.04.1", "binary_name": "firefox-dev" }, { "binary_version": "131.0.2+build1-0ubuntu0.20.04.1", "binary_name": "firefox-geckodriver" }, { "binary_version": "131.0.2+build1-0ubuntu0.20.04.1", "binary_name": "firefox-mozsymbols" } ], "priority_reason": "Listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog for Firefox", "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.20.04.1", "binary_name": "xul-ext-lightning" } ], "priority_reason": "Listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog for Firefox", "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "102.15.1-0ubuntu0.22.04.1", "binary_name": "libmozjs-102-0" }, { "binary_version": "102.15.1-0ubuntu0.22.04.1", "binary_name": "libmozjs-102-dev" } ], "priority_reason": "Listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog for Firefox" }
{ "binaries": [ { "binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1", "binary_name": "thunderbird" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1", "binary_name": "thunderbird-dev" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1", "binary_name": "thunderbird-gnome-support" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1", "binary_name": "thunderbird-mozsymbols" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1", "binary_name": "xul-ext-calendar-timezones" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1", "binary_name": "xul-ext-gdata-provider" }, { "binary_version": "1:115.16.0+build2-0ubuntu0.22.04.1", "binary_name": "xul-ext-lightning" } ], "priority_reason": "Listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog for Firefox", "availability": "No subscription required" }