CVE-2016-9079

CVSS v3.0 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 95.64 % (99^th)

Affected Products 12

Advisories 22

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2018-06-11 21:29:01
(6 years ago)
Updated Date: 2018-08-09 15:12:10
(6 years ago)

Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)

Description: Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
Required Action: Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns: Unknown
Notes: https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079; https://nvd.nist.gov/vuln/detail/CVE-2016-9079

Vendor: Mozilla
Product: Firefox, Firefox ESR, and Thunderbird
In CISA Catalog from: 2023-06-22
(15 months ago)
Due Date: 2023-07-13
(14 months ago)

Affected Products

Debian

Debian Linux

Microsoft

Windows

Mozilla

Redhat

Torproject

Configuration #1

AND

		CPE23	From	Up To
OR
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #2

AND

		CPE23
OR
	Redhat Enterprise Linux 5.0	cpe:2.3:o:redhat:enterprise_linux:5.0
OR
	Running on/with
	Redhat Enterprise Linux 6.0	cpe:2.3:o:redhat:enterprise_linux:6.0
OR
	Running on/with
	Redhat Enterprise Linux 7.0	cpe:2.3:o:redhat:enterprise_linux:7.0
OR
	Running on/with
	Redhat Enterprise Linux Desktop 5.0	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
OR
	Running on/with
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
OR
	Running on/with
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
OR
	Running on/with
	Redhat Enterprise Linux Server 5.0	cpe:2.3:o:redhat:enterprise_linux_server:5.0
OR
	Running on/with
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
OR
	Running on/with
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
OR
	Running on/with
	Redhat Enterprise Linux Server Aus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
OR
	Running on/with
	Redhat Enterprise Linux Server Aus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
OR
	Running on/with
	Redhat Enterprise Linux Server Eus 7.3	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3
OR
	Running on/with
	Redhat Enterprise Linux Server Eus 7.4	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4
OR
	Running on/with
	Redhat Enterprise Linux Server Eus 7.5	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5
OR
	Running on/with
	Redhat Enterprise Linux Workstation 5.0	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
OR
	Running on/with
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
OR
	Running on/with
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #3

AND

		CPE23	Up To
OR
	Mozilla Thunderbird prior 45.5.1 version	cpe:2.3:a:mozilla:thunderbird	< 45.5.1
OR
	Running on/with
	Microsoft Windows	cpe:2.3:o:microsoft:windows:-

Configuration #4

AND

		CPE23	Up To
OR
	Mozilla Firefox prior 50.0.2 version	cpe:2.3:a:mozilla:firefox	< 50.0.2
OR
	Running on/with
	Microsoft Windows	cpe:2.3:o:microsoft:windows:-

Configuration #5

AND

		CPE23	Up To
OR
	Mozilla Firefox Esr prior 45.5.1 version	cpe:2.3:a:mozilla:firefox_esr	< 45.5.1
OR
	Running on/with
	Microsoft Windows	cpe:2.3:o:microsoft:windows:-

Configuration #6

AND

		CPE23
OR
	Torproject Tor	cpe:2.3:a:torproject:tor:-
OR
	Running on/with
	Microsoft Windows	cpe:2.3:o:microsoft:windows:-