Mozilla

The Russian RomCom group targeted Mozilla's Firefox and Tor Browser with zero-day vulnerabilities, compromising user systems through a sophisticated chain of exploits that required no user interaction. Attackers hosted malicious websites that redirected victims and downloaded the RomCom backdoor, leading to up to 250 victims per country between October 10 and November 4, 2024. The two zero-day vulnerabilities, CVE-2024-9680 and CVE-2024-49039, are an animation timelines flaw and a Task Scheduler privilege escalation flaw, respectively. The attackers also employed advanced techniques such as Reflective DLL Injection and backdoors. Mozilla responded promptly with a fix within 25 hours, demonstrating their commitment to security.

Source: https://securityaffairs.com/171443/apt/russia-romcom-group-firefox-tor-browser-zero-day.html

TPRM report: https://scoringcyber.rankiteo.com/company/mozilla-corporation

"id": "moz002120424",
"linkid": "mozilla-corporation",
"type": "Vulnerability",
"date": "11/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Up to 250 victims per country',
                        'industry': 'Software',
                        'name': 'Mozilla',
                        'type': 'Organization'}],
 'attack_vector': 'Malicious Websites, Reflective DLL Injection, Backdoors',
 'date_detected': '2024-10-10',
 'date_resolved': '2024-11-05',
 'description': "The Russian RomCom group targeted Mozilla's Firefox and Tor "
                'Browser with zero-day vulnerabilities, compromising user '
                'systems through a sophisticated chain of exploits that '
                'required no user interaction. Attackers hosted malicious '
                'websites that redirected victims and downloaded the RomCom '
                'backdoor, leading to up to 250 victims per country between '
                'October 10 and November 4, 2024. The zero-day vulnerabilities '
                'CVE-2024-9680 and CVE-2024-49039 exploited animation '
                'timelines and Task Scheduler privilege escalation flaws '
                'respectively. The attackers also employed advanced techniques '
                'such as Reflective DLL Injection and backdoors. Mozilla '
                'responded promptly with a fix within 25 hours, demonstrating '
                'their commitment to security.',
 'impact': {'systems_affected': ['Firefox', 'Tor Browser']},
 'initial_access_broker': {'backdoors_established': 'RomCom Backdoor',
                           'entry_point': 'Malicious Websites'},
 'threat_actor': 'RomCom Group',
 'title': 'RomCom Group Zero-Day Exploits Against Mozilla Firefox and Tor '
          'Browser',
 'type': 'Zero-Day Exploit',
 'vulnerability_exploited': ['CVE-2024-9680', 'CVE-2024-49039']}