Mozilla Firefox ESR 45.x < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE (macOS)

The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a...

Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE

The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0.2. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web...

Debian DLA-730-1 : firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or bypass of the same-origin policy. A man-in-the-middle attack in the addon update mechanism ha...

Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE (macOS)

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 50.0.2. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially...

Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE

The version of Mozilla Thunderbird installed on the remote Windows host is prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted we...

Mozilla: Firefox SVG Animation Remote Code Execution (MFSA 2016-92)

A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...

[SECURITY] [DSA 3728-1] firefox-esr security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3728-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 01, 2016 https://www.debian.org/security/faq -...

Mozilla Firefox ESR Security Advisories (MFSA2016-92, MFSA2016-92) - Mac OS X

Mozilla Firefox ESR is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Mozilla Firefox Security Advisories (MFSA2016-92, MFSA2016-92) - Mac OS X

Mozilla Firefox is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

FreeBSD : Mozilla -- SVG Animation Remote Code Execution (18f39fb6-7400-4063-acaf-0806e92c094f)

The Mozilla Foundation reports : A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...

DSA-3728-1 firefox-esr - security update

Bulletin has no description...

Debian Security Advisory DSA 3728-1 (firefox-esr - security update)

A use-after-free vulnerability in the SVG Animation was discovered in the Mozilla Firefox web browser, allowing a remote attacker to cause a denial of service application crash or execute arbitrary code, if a user is tricked into opening a specially crafted website. OpenVAS Vulnerability Test $Id...

[ASA-201612-2] thunderbird: arbitrary code execution

Arch Linux Security Advisory ASA-201612-2 ========================================= Severity: Critical Date : 2016-12-01 CVE-ID : CVE-2016-9079 Package : thunderbird Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package thunderbir...

UBUNTU-CVE-2016-9079

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox 50.0.2, Firefox ESR 45.5.1, and Thunderbird 45.5.1...

Firefox SVG Animation Remote Code Execution — Mozilla

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows...

CVE-2016-9079

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox 50.0.2, Firefox ESR 45.5.1, and Thunderbird 45.5.1...

Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability

Overview Mozilla Firefox contains a use-after-free vulnerability in the SVG animation functionality, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Firefox supports SVG animation through the use of SMIL. The...

KLA10906 Use-after-free vulnerability in Mozilla products

A use-after-free vulnerability was found in Mozilla Firefox before 50.0.2, Mozilla Firefox ESR before 45.5.1 and Mozilla Thunderbird before 45.5.1. Exploiting this vulnerability can possibly lead to a denial of service and also an execution of arbitrary code. This vulnerability can be exploited...

Mozilla -- SVG Animation Remote Code Execution

The Mozilla Foundation reports: A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows...

Debian: Security Advisory (DSA-3728-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...