From c07b4d707255dfcca9ab64f22e87fde1ffd6c950 Mon Sep 17 00:00:00 2001 From: Jesse Schwartzentruber Date: Thu, 10 Oct 2024 16:50:12 -0400 Subject: [PATCH] Advisories for Thunderbird 131.0.1, 128.3.1, 115.16.0 --- announce/2024/mfsa2024-52.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 announce/2024/mfsa2024-52.yml diff --git a/announce/2024/mfsa2024-52.yml b/announce/2024/mfsa2024-52.yml new file mode 100644 index 0000000..b0056fd --- /dev/null +++ b/announce/2024/mfsa2024-52.yml @@ -0,0 +1,20 @@ +## mfsa2024-52.yml +announced: October 10, 2024 +impact: critical +fixed_in: +- Thunderbird 131.0.1 +- Thunderbird 128.3.1 +- Thunderbird 115.16.0 +title: Security Vulnerability fixed in Thunderbird 131.0.1, Thunderbird 128.3.1, Thunderbird 115.16.0 +description: | + *In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.* +advisories: + CVE-2024-9680: + title: Use-after-free in Animation timeline + impact: critical + reporter: Damien Schaeffer from ESET + description: | + An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. + We have had reports of this vulnerability being exploited in the wild. + bugs: + - url: 1923344
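Review bot: The top-level `description` says "these flaws cannot be exploited through email in the Thunderbird product", while the CVE-2024-9680 entry is rated `impact: critical` and ends with "We have had reports of this vulnerability being exploited in the wild". Nothing in the file says whether those reports concern Thunderbird or only browser and browser-like contexts. This advisory lists a single CVE, so consider changing "these flaws" to the singular, and consider adding a sentence to the CVE `description` that states the context in which exploitation was reported, so that a reader deciding how urgently to deploy 131.0.1, 128.3.1 or 115.16.0 can do so from the advisory alone. Minor: the CVE `title` says "Animation timeline" and its `description` says "Animation timelines"; use one form in both.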