[VU:791496] Mozilla Firefox SVG animation nsSMILTimeContainer use-after-free vulnerability
Severity
High
CVEs
1
Overview
Mozilla Firefox contains a use-after-free vulnerability in the SVG animation functionality, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Impact
By convincing a use to view specially-crafted web content, a remote-unauthenticated attacker may be able to execute arbitrary code on an affected system.
Solution
Apply an update This issue is addressed in Tor Browser 6.0.7 and Mozilla Firefox versions 50.0.2 and 45.5.1 ESR, as well as Thunderbird 45.5.1.
- ID
- VU:791496
- Severity
- high
- Severity from
- CVE-2016-9079
- URL
- https://kb.cert.org/vuls/id/791496
- Published
-
2016-11-30T20:11:26
(7 years ago) - Modified
-
2016-12-02T19:56:27
(7 years ago) - Rights
- Copyright 2016, CERT Coordination Center (CERT/CC)
- Other Advisories
-
-
ASA-201612-1
-
ASA-201612-2
-
CISA-2023:0622
-
DSA-3728-1
-
DSA-3730-1
-
ELSA-2016-2843
-
ELSA-2016-2850
-
FREEBSD:18F39FB6-7400-4063-ACAF-0806E92C094F
-
GLSA-201701-15
-
GLSA-201701-35
-
MFSA-2016-92
-
openSUSE-SU-2016:3019-1
-
RHSA-2016:2843
-
RHSA-2016:2850
-
SSA:2016-336-01
-
SSA:2016-336-02
-
SUSE-SU-2016:3048-1
-
SUSE-SU-2016:3080-1
-
SUSE-SU-2016:3105-1
-
USN-3140-1
-
USN-3141-1
-
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |