CVE-2016-9079
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 50.0.2 | affected |
| Mozilla | Firefox ESR | unspecified < 45.5.1 | affected |
| Mozilla | Thunderbird | unspecified < 45.5.1 | affected |
Weaknesses
- Use-after-free in SVG Animation
ADP Enrichment
CVE Program Container
Additional References
- https://www.debian.org/security/2016/dsa-3730
- http://rhn.redhat.com/errata/RHSA-2016-2843.html
- https://security.gentoo.org/glsa/201701-35
- http://www.securitytracker.com/id/1037370
- https://www.exploit-db.com/exploits/42327/
- http://rhn.redhat.com/errata/RHSA-2016-2850.html
- https://www.mozilla.org/security/advisories/mfsa2016-92/
- http://www.securityfocus.com/bid/94591
- https://security.gentoo.org/glsa/201701-15
- https://www.exploit-db.com/exploits/41151/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://www.debian.org/security/2016/dsa-3730
- http://rhn.redhat.com/errata/RHSA-2016-2843.html
- https://security.gentoo.org/glsa/201701-35
- http://www.securitytracker.com/id/1037370
- https://www.exploit-db.com/exploits/42327/
- http://rhn.redhat.com/errata/RHSA-2016-2850.html
- https://www.mozilla.org/security/advisories/mfsa2016-92/
- http://www.securityfocus.com/bid/94591
- https://security.gentoo.org/glsa/201701-15
- https://www.exploit-db.com/exploits/41151/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.