A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.

CPENameOperatorVersion
firefoxlt50.0.2
firefox esrlt45.5.1
thunderbirdlt45.5.1

Name	Operator	Version
firefox	lt	50.0.2
firefox esr	lt	45.5.1
thunderbird	lt	45.5.1

References

bugzilla.mozilla.org/show_bug.cgi?id=1321066

nessus 32

oraclelinux 2

attackerkb 1

slackware 2

archlinux 2

openvas 33

centos 2

debiancve 1

veracode 1

cve 1

cert 1

cisa_kev 1

debian 5

kaspersky 1

redhat 2

zdt 4

freebsd 1

mageia 2

prion 1

thn 1

ubuntucve 1

googleprojectzero 1

suse 7

redhatcve 1

seebug 1

packetstorm 2

ubuntu 2

checkpoint_advisories 1

exploitpack 1

gentoo 2

osv 2

ibm 2

nessus

Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE

2016-12-02 00:00:00

Slackware 14.1 / 14.2 / current : mozilla-firefox (SSA:2016-336-01)

2016-12-01 00:00:00

RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2850)

2016-12-06 00:00:00

oraclelinux

thunderbird security update

2016-12-05 00:00:00

firefox security update

2016-12-01 00:00:00

attackerkb

CVE-2016-9079

2018-06-11 00:00:00

slackware

[slackware-security] mozilla-firefox

2016-12-01 09:00:27

[slackware-security] mozilla-thunderbird

2016-12-01 09:00:42

archlinux

[ASA-201612-2] thunderbird: arbitrary code execution

2016-12-01 00:00:00

[ASA-201612-1] firefox: multiple issues

2016-12-01 00:00:00

openvas

openSUSE: Security Advisory for Mozilla (openSUSE-SU-2016:2991-1)

2016-12-05 00:00:00

Debian: Security Advisory (DSA-3728-1)

2016-11-30 00:00:00

Debian Security Advisory DSA 3728-1 (firefox-esr - security update)

2016-12-01 00:00:00

centos

thunderbird security update

2016-12-06 20:06:31

firefox security update

2016-12-03 11:57:24

debiancve

CVE-2016-9079

2018-06-11 21:29:00

veracode

Information Disclosure

2019-01-15 09:14:26

cve

CVE-2016-9079

2018-06-11 21:29:00

cert

Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability

2016-11-30 00:00:00

cisa_kev

Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability

2023-06-22 00:00:00

debian

[SECURITY] [DSA 3728-1] firefox-esr security update

2016-12-01 14:27:36

[SECURITY] [DSA 3728-1] firefox-esr security update

2016-12-01 14:27:36

[SECURITY] [DSA 3730-1] icedove security update

2016-12-11 16:05:42

kaspersky

KLA10906 Use-after-free vulnerability in Mozilla products

2016-11-30 00:00:00

redhat

(RHSA-2016:2843) Critical: firefox security update

2016-12-01 00:00:00

(RHSA-2016:2850) Important: thunderbird security update

2016-12-05 00:00:00

zdt

Mozilla Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution Exploit

2017-01-24 00:00:00

Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution Exploit

2017-07-15 00:00:00

Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution Exploit

2018-03-17 00:00:00

freebsd

Mozilla -- SVG Animation Remote Code Execution

2016-11-30 00:00:00

mageia

Updated firefox packages fix security vulnerability

2016-12-06 00:49:27

Updated thunderbird packages fix security vulnerabilities

2016-12-06 00:49:27

prion

Design/Logic Flaw

2018-06-11 21:29:00

thn

UPDATE Firefox and Tor to Patch Critical Zero-day Vulnerability

2016-11-30 21:32:00

ubuntucve

CVE-2016-9079

2016-11-30 00:00:00

googleprojectzero

The Great DOM Fuzz-off of 2017

2017-09-21 00:00:00

suse

Security update for Mozilla Thunderbird (important)

2016-12-04 22:06:50

Security update for MozillaFirefox (important)

2016-12-07 21:07:02

Security update for MozillaFirefox (important)

2016-12-04 22:07:40

redhatcve

CVE-2016-9079

2016-12-01 02:47:37

seebug

New Firefox/Tor Browser 0-day vulnerability （CVE-2016-9079）

2016-11-30 00:00:00

packetstorm

Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution

2017-01-24 00:00:00

Firefox 50.0.1 ASM.JS JIT-Spray Remote Code Execution

2017-07-14 00:00:00

ubuntu

Firefox vulnerabilities

2016-11-30 00:00:00

Thunderbird vulnerabilities

2016-12-01 00:00:00

checkpoint_advisories

Mozilla Multiple Products Remote Code Execution (CVE-2016-9079; CVE-2017-5375)

2016-12-01 00:00:00

exploitpack

Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution

2017-07-14 00:00:00

gentoo

Mozilla SeaMonkey: Multiple vulnerabilities

2017-01-13 00:00:00

Mozilla Firefox, Thunderbird: Multiple vulnerabilities

2017-01-03 00:00:00

osv

firefox-esr - security update

2016-12-01 00:00:00

icedove - security update

2016-12-17 00:00:00

ibm

Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS

2018-06-18 00:32:15

Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified.

2018-06-18 00:32:14

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.954 High

EPSS

Percentile

99.3%

JSON

Related for MFSA2016-92