Attacks exploiting a recently addressed critical use-after-free vulnerability in Mozilla Firefox, tracked as CVE-2024-9680, have been launched against users of the Tor anonymity network, which has also released a fix to remediate the issue, reports The Record, a news site by cybersecurity firm Recorded Future.
Such a flaw — which could enable malicious code execution within the content process of the targeted browser — could be leveraged to facilitate Tor Browser hijacking but not deanonymization in the privacy-focused Tails operating system, according to a statement from Tor, which also noted Mozilla's knowledge of ongoing intrusions against Tor Browser users.
Threat actors could also easily exploit the vulnerability, which was discovered and reported by ESET researchers, without any user interaction.
Users of both Mozilla Firefox and Tor Browser have been urged to update immediately to the latest versions of their respective browsers to prevent potential compromise through the memory corruption issue.