The backdoor can execute instructions and lets attackers obtain further modules onto the sufferer’s machine, ESET analysis finds
26 Nov 2024
ESET researchers have uncovered two beforehand unknown vulnerabilities in a number of Mozilla merchandise and in Home windows, with each flaws underneath energetic exploitation by RomCom, a Russia-aligned group recognized for opportunistic campaigns towards chosen enterprise verticals and focused espionage operations alike.
- CVE-2024-9680 is a use-after-free bug that permits susceptible variations of Firefox, Thunderbird, and the Tor Browser to execute code within the restricted context of the browser. Mozilla patched the vulnerability on October 9th, 2024.
- CVE‑2024‑49039 is a privilege escalation bug in Home windows that permits code to run outdoors of Firefox’s sandbox. Microsoft launched a patch for this second vulnerability on November 12th, 2024.
Chaining the 2 flaws permits unhealthy actors to run arbitrary code within the context of the logged-in consumer – and with none consumer interplay – in a so-called zero-click exploit. In campaigns noticed by ESET, this led to the set up of RomCom’s eponymous backdoor on the sufferer’s laptop. The backdoor can execute instructions and obtain further modules to the sufferer’s machine.
What precisely does the compromise chain contain and what else is there to know concerning the vulnerabilities and the exploits abusing them? Discover out within the video by ESET Chief Safety Evangelist Tony Anscombe and you should definitely additionally learn the total blogpost.
![[Don’t have your Home Return Permit?] 】Apply for an digital short-term move in 10 minutes|Validity interval and utility restrictions|Relevant to expired/misplaced Residence Go to Allow](http://marketibiza.com/wp-content/uploads/2025/05/KS-thumbnail-design-20250409-B-75x75.jpg)
![[Don’t have your Home Return Permit?] 】Apply for an digital short-term move in 10 minutes|Validity interval and utility restrictions|Relevant to expired/misplaced Residence Go to Allow](http://marketibiza.com/wp-content/uploads/2025/05/KS-thumbnail-design-20250409-B-120x86.jpg)
