UAF (Use-After-Free) in Animation Timelines - Remote Code Execution Vulnerability
Actively exploited in the wild targeting Tor Browser users
This repository contains a comprehensive analysis and educational demonstration of CVE-2024-9680, a critical UAF (use-after-free) vulnerability in Firefox's animation timeline management that allows remote code execution in the browser's content process.
Affected versions:
- Firefox < 131.0.2
- Firefox ESR < 128.3.1, < 115.16.1
- Thunderbird < 131.0.1, < 128.3.1, < 115.16.0
Patches applied: November 5, 2024
Original Exploit Code
The complete, unmodified exploit code from wild exploitation is preserved in this repository for research and analysis purposes. The code is provided exactly as it was found during active attacks.
Educational Analysis
A modified, safety-hardened version with detailed technical stage-by-stage breakdown of the exploitation process.
Security Analysis
The repository provides multiple ways to analyze the exploit:
- Live Analysis Page: Open the exploit HTML page to see the complete exploit breakdown with safety modifications
- Code Review: Examine the original exploit code with detailed annotations
- Technical Documentation: Review the stage-by-stage exploitation process
Encoded shellcode delivery via Web Workers
Complex SVG animation structures with circular timing references
Heap spraying and UAF trigger through animation attribute manipulation
Analysis of intended secondary payload delivery
- Firefox Animation Timeline Management
- SVG Animation Element Handling
- ArrayBuffer Heap Spraying
- Use-After-Free in pauseAnimations()
git clone https://github.com/moscovium-mc/Tor-0day-JavaScript-Exploit
cd Tor-0day-JavaScript-Exploit
# Open exploit/index.html in a PATCHED browser for analysis
Note
This exploit only works on unpatched versions. Make sure you are using a patched browser (Firefox >= 131.0.2) for analysis.
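One way to confirm that an analysis VM, or a wider fleet, is on a fixed release is to compare installed versions against the thresholds in the affected-versions list above. This is an added example, not code from this repository; the product keys, host names and sample inventory are constructed, and treating each listed threshold as the fix for its own major release branch is an assumption.

```python
import re

# Fixed versions per release branch, taken from the affected-versions list above.
# Assumption: each threshold is the fix for its own major branch.
FIXED = {
    "firefox":     {131: (131, 0, 2)},
    "firefox-esr": {128: (128, 3, 1), 115: (115, 16, 1)},
    "thunderbird": {131: (131, 0, 1), 128: (128, 3, 1), 115: (115, 16, 0)},
}

def parse_version(text):
    """Turn '128.3.0esr' or '131.0' into a 3-tuple of ints, padding with zeros."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def is_patched(product, version):
    """True if `version` is at or above the fix for its branch.

    Versions newer than every listed branch count as patched; versions on a
    branch with no fix named on the page count as affected.
    """
    branches = FIXED[product]
    v = parse_version(version)
    if v[0] > max(branches):
        return True
    fix = branches.get(v[0])
    return fix is not None and v >= fix

def audit(inventory):
    """Return the (host, product, version) rows that still need updating."""
    return [row for row in inventory if not is_patched(row[1], row[2])]

# Constructed inventory for illustration; hosts and versions are made up.
SAMPLE = [
    ("vm-analysis", "firefox", "131.0.2"),
    ("laptop-01", "firefox", "130.0.1"),
    ("kiosk-07", "firefox-esr", "115.16.1esr"),
    ("kiosk-08", "firefox-esr", "128.3.0esr"),
    ("mail-02", "thunderbird", "115.15.0"),
    ("mail-03", "thunderbird", "129.0"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE):
        print(f"{host}: {product} {version} is below the fixed release")
```
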
Tip
For security researchers: Use a sandboxed VM environment when analyzing exploit code.
Warning
EDUCATIONAL AND RESEARCH PURPOSES ONLY
This repository contains analysis of real-world exploit code for educational purposes.
Important
While dedicated to the public domain under CC0 1.0 Universal, users are solely responsible for compliance with all applicable laws and regulations. See LICENSE for complete terms.
Permitted uses:
- Security education and training
- Defensive security research and threat analysis
- Academic study of exploitation techniques
- Improving software security and defensive measures
- Authorized vulnerability assessment and penetration testing
Prohibited uses:
- Unauthorized access to computer systems or networks
- Malicious attacks, exploitation, or damage to systems
- Any illegal activities or violation of computer crime laws
- Attacks against systems without explicit written authorization
Caution
The original malicious functionality has been disabled and safety measures have been implemented. The authors assume no responsibility for misuse. Use ethically and legally.
Related Research
- UAF exploitation techniques
- Browser sandbox escapes
- Heap spraying methodologies