=====================================================================
                            CERT-Renater

                 Note d'Information No. 2024/VULN424
_____________________________________________________________________

DATE                 : 11/10/2024

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Thunderbird versions prior to
                       131.0.1, 128.3.1, 115.16.0.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2024-52/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2024-52

Security Vulnerability fixed in Thunderbird 131.0.1, Thunderbird
128.3.1, Thunderbird 115.16.0

Announced : October 10, 2024
Impact    : critical
Products  : Thunderbird
Fixed in  : Thunderbird 115.16
            Thunderbird 128.3.1
            Thunderbird 131.0.1

In general, these flaws cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail,
but are potentially risks in browser or browser-like contexts.


CVE-2024-9680: Use-after-free in Animation timeline

Reporter : Damien Schaeffer from ESET
Impact   : critical

Description

An attacker was able to achieve code execution in the content process
by exploiting a use-after-free in Animation timelines. We have had
reports of this vulnerability being exploited in the wild.

References

Bug 1923344


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================