CVE-2016-9079

Summary

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 50.0.2affected
MozillaFirefox ESRunspecified < 45.5.1affected
MozillaThunderbirdunspecified < 45.5.1affected

Weaknesses

  • Use-after-free in SVG Animation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References