
RomCom exploits Firefox and Windows zero days in the wild


ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.

Chained with another previously unknown vulnerability in Windows, assigned CVE-2024-49039 with a CVSS score of 8.8, arbitrary code can be executed in the context of the logged-in user. While we don’t know how the link to the fake website is distributed, if the page is reached using a vulnerable browser, a payload is dropped and executed on the victim’s computer with no user interaction required. According to our telemetry, from October 10th, 2024 to November 4th, 2024, potential victims who visited websites hosting the exploit were located mostly in Europe and North America, as shown in Figure 2.
