UAF (Use-After-Free) in Animation Timelines - Remote Code Execution Vulnerability

This repository contains a comprehensive analysis and educational demonstration of CVE-2024-9680, a critical use-after-free (UAF) vulnerability in Firefox's animation timeline management that allows remote code execution in the browser's content process. The vulnerability was actively exploited in the wild, targeting Tor Browser users.

Affected versions: Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
- Patches applied November 5, 2024
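For defenders checking an installed fleet against the affected-version list above, here is an added example (not part of this repository's code). It assumes a build is compared against the fix that shares its major version, otherwise against the newest fix listed; the inventory rows are constructed.

```python
import re

# Fixed versions as listed on this page, keyed by product. Assumption of this
# example: a build is judged against the fix sharing its major version (its
# release branch); with no such fix, against the newest fix listed.
FIXED = {
    "firefox": [(115, 16, 1), (128, 3, 1), (131, 0, 2)],
    "thunderbird": [(115, 16, 0), (128, 3, 1), (131, 0, 1)],
}

# Accept "131.0", "130.0.1" and "128.3.0esr"; anything else is rejected.
_VERSION = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:esr)?$")


def parse_version(text):
    """Turn '128.3.0esr' into (128, 3, 0); missing parts count as 0."""
    m = _VERSION.match(text.strip().lower())
    if not m:
        # Fail loudly instead of letting an odd string pass as patched.
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.group(1, 2, 3))


def is_affected(product, version_text):
    """True when the build predates the fix for its branch."""
    fixes = FIXED[product.lower()]
    version = parse_version(version_text)
    same_branch = [f for f in fixes if f[0] == version[0]]
    fix = same_branch[0] if same_branch else max(fixes)
    return version < fix


def audit(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]


# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("ws-01", "firefox", "131.0.2"),
    ("ws-02", "firefox", "130.0.1"),
    ("ws-03", "firefox", "128.3.0esr"),
    ("ws-04", "firefox", "115.16.1esr"),
    ("ws-05", "thunderbird", "115.15.0"),
    ("ws-06", "thunderbird", "128.3.1"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE):
        print(f"{host}: {product} {version} is affected, update required")
```

Version strings the parser does not recognise, such as beta tags, raise an error so they get reviewed by hand rather than being counted as patched.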
Original Exploit Code: The complete, unmodified exploit code from the wild exploitation is preserved in this repository for research and analysis purposes. The code is provided exactly as it was found during active attacks.
Educational Analysis: A modified, safety-hardened version with detailed technical stage-by-stage breakdown of the exploitation process.
The repository provides multiple ways to analyze the exploit:
- Live Analysis Page: Open the exploit HTML page to see the complete exploit breakdown with safety modifications
- Code Review: Examine the original exploit code with details
- Technical Documentation: Review the stage-by-stage exploitation process
Additional Legal Notice: This repository contains analysis of security vulnerability code for EDUCATIONAL AND RESEARCH PURPOSES ONLY. While the code is dedicated to the public domain, users are responsible for ensuring their use complies with all applicable laws and regulations. The authors are not responsible for any misuse of this information.
Ethical Use Required: This is provided for security education, defensive research, and academic purposes. Any use of this information for malicious activities is strictly prohibited and may violate laws.
- Initialization: Encoded shellcode delivery via Web Workers
- DOM Crafting: Complex SVG animation structures with circular timing references
- Exploitation: Heap spraying and UAF trigger through animation attribute manipulation
- Post-Exploitation: Analysis of intended secondary payload delivery
- Firefox Animation Timeline Management
- SVG Animation Element Handling
- ArrayBuffer Heap Spraying
- Use-After-Free in pauseAnimations()
This repository contains modified exploit code for EDUCATIONAL PURPOSES ONLY. The original malicious functionality has been disabled and safety measures have been implemented. Use of this material for any malicious purposes is strictly prohibited and may violate laws.