1. Home
  2. Security Advisories
  3. Mozilla
  4. MFSA-2016-92

[MFSA-2016-92] Firefox SVG Animation Remote Code Execution

Severity Critical
Affected Packages 3
Fixed Packages 3
CVEs 1
Info Packages References Vulnerabilities
  • CVE-2016-9079: Use-after-free in SVG Animation (critical) A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.
Package Affected Version
pkg:mozilla/Thunderbird < 45.5.1
pkg:mozilla/Firefox%20ESR < 45.5.1
pkg:mozilla/Firefox < 50.0.2
Package Fixed Version
pkg:mozilla/Thunderbird = 45.5.1
pkg:mozilla/Firefox%20ESR = 45.5.1
pkg:mozilla/Firefox = 50.0.2
ID
MFSA-2016-92
Severity
critical
URL
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92
Published
2016-11-30T00:00:00
(7 years ago)
Modified
2016-11-30T00:00:00
(7 years ago)
Other Advisories
Source # ID Name URL
Bugzilla 1321066 Iterator invalidation in nsSMILTimeContainer::NotifyTimeChange() https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:mozilla/Thunderbird Thunderbird < 45.5.1
Fixed pkg:mozilla/Thunderbird Thunderbird = 45.5.1
Affected pkg:mozilla/Firefox%20ESR Firefox ESR < 45.5.1
Fixed pkg:mozilla/Firefox%20ESR Firefox ESR = 45.5.1
Affected pkg:mozilla/Firefox Firefox < 50.0.2
Fixed pkg:mozilla/Firefox Firefox = 50.0.2
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date