Two vulnerabilities in Mozilla products and Windows are being actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security researchers from ESET. GovInfoSecurity reports:
Researchers identified two critical vulnerabilities in Mozilla Foundation products. One, tracked as CVE-2024-9680, is a use-after-free flaw allowing code execution in Firefox and the Thunderbird email client. It also affects the Tor Browser, which is a modified version of Firefox. The other flaw, CVE-2024-49039, is a Windows privilege escalation bug bypassing the Firefox sandbox. Mozilla patched the first on Oct. 9, and Microsoft announced a fix for the second on Nov. 12.