'''Does MacOS requires the version 131.0.2 Firefox update to address the recent zero-day active exploit? The reason I ask is Tanium Deploy Software Gallery only includes updates to Windows Firefox versions to address this zero-day.''' '''Description:''' Mozilla 0-day. CVE-2024-9680 is a use after free vulnerability in the Animation timelines component of Mozilla. Animation timelines are a part of Firefox’s Web Animations API, which controls and synchronizes animations on the web pages. An attacker may exploit the vulnerability to achieve code execution in the content process. Use-after-free vulnerability occurs when the memory that has been freed is still used by the program. The vulnerability may allow attackers to add their malicious data to the memory region for code execution. *Affected Versions* * Firefox versions before 131.0.2 * Firefox ESR versions before 128.3.1 * Firefox ESR versions before 115.16.1. *Mitigation* Customers can upgrade to the following versions to mitigate the vulnerability: * Firefox 131.0.2 * Firefox ESR 128.3.1 * Firefox ESR 115.16.1 For more information, please refer to the [Mozilla security advisory|https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/].