Russian hackers exploit Firefox, Windows zero days in wild

RomCom threat actors chained two Firefox and Windows zero-day vulnerabilities together in order to execute arbitrary code in vulnerable Mozilla browsers.

• Share this item with your network:

• Alexander Culafi, Senior News Writer

A "Russia-aligned group" known as RomCom exploited Firefox and Windows Task Scheduler zero-day vulnerabilities in the wild, according to research from antimalware vendor ESET.

In a blog post published Wednesday, ESET analyzed two previously unknown vulnerabilities that were chained together into a zero-click exploit. One is CVE-2024-9680, a critical vulnerability with a CVSS 9.8 score, which enables "vulnerable versions of Firefox, Thunderbird, and the Tor Browser to execute code in the restricted context of the browser." When chained with Windows Task Scheduler flaw CVE-2024-49039, which received a CVSS 8.8 score, ESET said "arbitrary code can be executed in the context of the logged-in user."

RomCom, otherwise known as Storm-0978, Tropical Scorpius or UNC2596, is a Russia-aligned ...