The Russian RomCom group targeted Mozilla's Firefox and the Tor Browser with zero-day vulnerabilities, compromising user systems through a sophisticated exploit chain that required no user interaction. The attackers hosted malicious websites that redirected victims and downloaded the RomCom backdoor, with up to 250 victims per country between October 10 and November 4, 2024. The two zero-days were CVE-2024-9680, a flaw in animation timelines, and CVE-2024-49039, a privilege escalation flaw in Task Scheduler. The attackers also employed advanced techniques such as Reflective DLL Injection and backdoors. Mozilla responded promptly with a fix within 25 hours, demonstrating its commitment to security.
Source: https://securityaffairs.com/171443/apt/russia-romcom-group-firefox-tor-browser-zero-day.html
"id": "moz002120424",
"linkid": "mozilla-corporation",
"type": "Vulnerability",
"date": "11/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"