Security Articles

RomCom exploits Firefox and Windows zero days in the wild

released on 2024-11-27 @ 03:10:44 PM
ESET researchers discovered a critical zero-day vulnerability in Mozilla products, exploited in the wild by the Russia-aligned group RomCom. The vulnerability, CVE-2024-9680, allows code execution in Firefox, Thunderbird, and Tor Browser. When chained with a second vulnerability in Windows, CVE-2024-49039, it enables arbitrary code execution without user interaction. The exploit chain delivered RomCom's backdoor in a widespread campaign targeting Europe and North America. Mozilla patched the vulnerability within a day of notification. The Windows vulnerability, a privilege escalation bug in the Task Scheduler, was later patched by Microsoft. This sophisticated attack demonstrates RomCom's capability to develop or obtain stealthy exploitation techniques.