Mozilla has released an update for Firefox, version 131.0.2, to fix a “critical” flaw that has been exploited, according to a post published Wednesday.
“An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines,” Mozilla explains in its technical description of the bug, adding: “We have had reports of this vulnerability being exploited in the wild.”
Code execution or code injection is when an attacker can add malicious code to break software or infect a device. This could be malware, or code with other malicious impacts. Use-after-free attacks are computer memory attacks that can occur if software fails to clear the “pointer” to its memory when it’s no longer using said memory. That glitch can then allow an attacker to compromise or hack the software.
The flaw was discovered by ESET researcher Damien Schaeffer, according to Mozilla’s update. The flaw affected both regular Firefox and Firefox Extended Support Release (ESR) versions, the latter of which can be used by businesses.
Firefox is an open-source browser option that’s been around since 2004. Over the years, it’s added plenty of new features like PDF editing, “Firefox View,” private browsing, a fake review checker, custom translations, an AI chatbot, and more.
Last month, however, the nonprofit tech privacy group Noyb took issue with Firefox’s new “Privacy-Preserving Attribution” feature, which is being tested as a post-cookie way to provide user data around web ads to sites. Mozilla says the ad-collection feature anonymizes user data before sending it off, but Noyb wants Mozilla to make the feature opt-in (and off by default).
About Kate Irwin
Reporter
I’m a reporter for PCMag covering tech news early in the morning. Prior to joining PCMag, I was a producer and reporter at Decrypt and launched its gaming vertical, GG. I have previously written for Input, Game Rant, Dot Esports, and other places, covering a range of gaming, tech, crypto, and entertainment news.