Firefox and Windows zero-day security bugs hit by Russian hackers, so be on your guard
techradar.com- ESET discovers two zero-day vulnerabilities that can lead to remote code execution
- The researchers spot Russian hackers abusing the flaws to deploy backdoors
- Fixes for both flaws are already available to download
A Russian advanced persistent threat (APT) group known as RomCom has been exploiting two zero-day vulnerabilities to hit its victims with potent backdoor malware, security experts have said.
ESET said its researchers first found a use-after-free bug in the animation timeline feature in Firefox. Since the bug forces the browser to use memory that has already been freed, it can lead to all sorts of undefined behavior, including executing code in the restricted context of the browser. This bug was discovered on October 8, and was assigned CVE-2024-9680. It was fixed a day later, on October 9.
Further investigation led to the discovery of a second vulnerability, this time in Windows, tracked as CVE-2024-49039, WHICH allows previously authenticated ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE