Comprehensive analysis of CVE-2024-9680, a critical use-after-free vulnerability in Firefox’s animation timeline management allowing remote code execution. Repository includes original exploit code from wild attacks, safety-hardened educational demonstration, and stage-by-stage exploitation breakdown covering initialization (Web Workers shellcode delivery), DOM crafting (SVG animation structures), heap spraying, and UAF trigger through animation attribute manipulation.
@misc{cve20249680,title={{CVE}-2024-9680: {U}se-{A}fter-{F}ree in {F}irefox {A}nimation {T}imelines {L}eading to {R}emote {C}ode {E}xecution},author={moscovium-mc},year={2025},month=nov,howpublished={GitHub Repository},note={Patched in Firefox 131.0.2, ESR 128.3.1, and 115.16.1. Actively exploited in the wild targeting Tor Browser users.},tags={exploit, vulnerability, tor, firefox, uaf, rce, 0day, javascript}}