Get the new Firefox 131.0.2 emergency update
The update patches a critical security flaw already under attack.
New versions of Firefox editions are available to fix security vulnerabilities that are already being attacked in the wild.
Mozilla has released new versions of Firefox to patch a critical security vulnerability that is currently being exploited. This flaw, found in the browser's animation timelines, allows attackers to inject and execute malicious code via a use-after-free weakness (CVE-2024-9680). Mozilla has classified this vulnerability as critical, though no CVSS score has been assigned yet.
While details on the specific attacks remain scarce, Mozilla urges users to update their browsers immediately. Firefox versions 131.0.2, along with ESR versions 128.3.1 and 115.16.1, include the necessary security patches. Thunderbird is not mentioned as affected.
To update, users can access Firefox's version update tool by clicking the three-line menu to the right of the address bar, navigating to Help, and selecting About Firefox. Given the urgency and active exploitation of this flaw, users and system administrators should ensure they are running the latest version without delay.