← back
CVE-2016-9079

CVE-2016-9079

CVSS 7.5 HIGHEPSS 87.9%● KEVCWE-416
In short

Firefox has a use-after-free vulnerability in SVG Animation that allows attackers to crash the browser or execute arbitrary code. This flaw is actively being exploited against Windows users.

Technical detail

A use-after-free vulnerability in SVG Animation processing allows an attacker to access freed memory through malicious SVG content, potentially leading to code execution. The vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1 on Windows systems, with active exploitation documented in the wild.

Summary generated and translated by AI from the official description.
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird
public PoCs found7
githubgithub.com/dangokyo/CVE-2016-90797githubgithub.com/LakshmiDesai/CVE-2016-90791githubgithub.com/Tau-hub/Firefox-CVE-2016-90791cve_referencewww.exploit-db.com/exploits/42327/unverifiedcve_referencewww.exploit-db.com/exploits/41151/unverifiedexploitdbwww.exploit-db.com/exploits/42327unverifiedexploitdbwww.exploit-db.com/exploits/41151unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://rhn.redhat.com/errata/RHSA-2016-2843.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2850.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1321066https://security.gentoo.org/glsa/201701-15https://security.gentoo.org/glsa/201701-35https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079https://www.debian.org/security/2016/dsa-3730https://www.exploit-db.com/exploits/41151/https://www.exploit-db.com/exploits/42327/https://www.mozilla.org/security/advisories/mfsa2016-92/http://www.securityfocus.com/bid/94591http://www.securitytracker.com/id/1037370