New Firefox Vulnerability Could Have Been Used to Attack Tor Users
A recently patched vulnerability in Firefox, CVE-2024-9680, may have been exploited to target users of the Tor Browser. The issue, discovered by ESET specialist Damien Schaeffer, was a use-after-free bug in Animation timelines—a component of the Firefox Web Animations API responsible for managing and synchronizing animations on web pages.
Mozilla released an emergency patch and warned that the vulnerability could allow an attacker to execute arbitrary code while processing web content. At the time, no further details were provided about the bug or any attacks exploiting it.
The vulnerability was fixed in the following browser versions:
- Firefox 131.0.2
- Firefox ESR 115.16.1
- Firefox ESR 128.3.1
According to Mozilla, ESET provided them with a “live” exploit for CVE-2024-9680 that had been used by hackers in real-world attacks. “The sample sent to us by ESET contained a full exploit chain that allowed remote code execution on the user’s computer,” Mozilla developers reported.
Mozilla assembled a team to reverse-engineer the exploit and understand its workings, and within a day, they released an emergency patch. The organization emphasized that they will continue analyzing the exploit to develop additional security measures for Firefox.
Impact on Tor Browser Users
Around the same time, Tor developers reported that, according to Mozilla, this vulnerability was actively used in attacks against Tor Browser users. “By exploiting this vulnerability, an attacker could gain control over the Tor Browser, but would likely not be able to deanonymize you in Tails,” the statement read.
However, the blog post was later edited, and Tor Project representatives clarified that they have no evidence that Tor Browser users were deliberately targeted with CVE-2024-9680. Nevertheless, the bug did affect the Tor Browser, which is based on Firefox, and developers stress that the issue has been resolved in Tor Browser versions 13.5.7, 13.5.8 (for Android), and 14.0a9.