A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-752-1 icedove security update
Debian DSA Debian DSA DSA-3728-1 firefox-esr security update
Debian DSA Debian DSA DSA-3730-1 icedove security update
Ubuntu USN Ubuntu USN USN-3140-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-3141-1 Thunderbird vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 21 Mar 2025 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Vendors & Products Mozilla firefox Esr

Fri, 07 Feb 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2023-06-22'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 27 Jan 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Wed, 14 Aug 2024 00:00:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2025-07-30T01:46:14.519Z

Reserved: 2016-10-27T00:00:00.000Z

Link: CVE-2016-9079

cve-icon Vulnrichment

Updated: 2024-08-06T02:42:10.169Z

cve-icon NVD

Status : Analyzed

Published: 2018-06-11T21:29:01.797

Modified: 2025-03-21T19:24:52.383

Link: CVE-2016-9079

cve-icon Redhat

Severity : Critical

Publid Date: 2016-12-01T00:00:00Z

Links: CVE-2016-9079 - Bugzilla

cve-icon OpenCVE Enrichment

No data.