publications

2026

1. From Vulnerability Discovery to 0day Exploit Development: A Case Study

   MC Moscovium

   Feb 2026

   Forthcoming. Details pending vendor coordination and patch release.

   Abs

   End-to-end case study documenting the complete lifecycle of vulnerability research: discovery methodology, vulnerability validation, proof-of-concept exploit development, responsible disclosure process, and lessons learned. Covers technical analysis techniques, exploit reliability challenges, ethical considerations, and coordination with software vendors. Publication will be released publicly upon successful patch deployment and vendor approval.

2024

1. CVE-2024-9680: Use-After-Free in Firefox Animation Timelines Leading to Remote Code Execution

   MC Moscovium

   . Analysis and exploit code available here , Nov 2024

   Patched in Firefox 131.0.2, ESR 128.3.1, and 115.16.1. Actively exploited in the wild targeting Tor Browser users.

   Abs Bib HTML Code

   Comprehensive analysis of CVE-2024-9680, a critical use-after-free vulnerability in Firefox’s animation timeline management allowing remote code execution. Repository includes original exploit code from wild attacks, safety-hardened educational demonstration, and stage-by-stage exploitation breakdown covering initialization (Web Workers shellcode delivery), DOM crafting (SVG animation structures), heap spraying, and UAF trigger through animation attribute manipulation.

   @misc{cve20249680,
     title = {{CVE}-2024-9680: {U}se-{A}fter-{F}ree in {F}irefox {A}nimation {T}imelines {L}eading to {R}emote {C}ode {E}xecution},
     author = {Moscovium, MC},
     year = {2024},
     month = nov,
     howpublished = {GitHub Repository},
     note = {Patched in Firefox 131.0.2, ESR 128.3.1, and 115.16.1. Actively exploited in the wild targeting Tor Browser users.},
     tags = {exploit, vulnerability, tor, firefox, uaf, rce, 0day, javascript}
   }