CVE-2016-9079 - Vulnerability Details

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is in the KEV database since June 22, 2023.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Microsoft	Windows
Mozilla	Firefox Thunderbird
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Eus Enterprise Linux Workstation
Torproject	Tor

Configuration 1 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 3 [-]

AND

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
firefox-0:45.5.1-1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2016:2843	2016-12-01T00:00:00Z
thunderbird-0:45.5.1-1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2016:2850	2016-12-05T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:45.5.1-1.el6_8	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:2843	2016-12-01T00:00:00Z
thunderbird-0:45.5.1-1.el6_8	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:2850	2016-12-05T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:45.5.1-1.el7_3	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:2843	2016-12-01T00:00:00Z
thunderbird-0:45.5.1-1.el7_3	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:2850	2016-12-05T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2016-2843.html
http://rhn.redhat.com/errata/RHSA-2016-2850.html
http://www.securityfocus.com/bid/94591
http://www.securitytracker.com/id/1037370
https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
https://nvd.nist.gov/vuln/detail/CVE-2016-9079
https://security.gentoo.org/glsa/201701-15
https://security.gentoo.org/glsa/201701-35
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2016-9079
https://www.debian.org/security/2016/dsa-3730
https://www.exploit-db.com/exploits/41151/
https://www.exploit-db.com/exploits/42327/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
https://www.mozilla.org/security/advisories/mfsa2016-92/

History

Fri, 21 Mar 2025 19:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr::::::::	cpe:2.3:a:mozilla:firefox:::::esr:::*
Vendors & Products	Mozilla firefox Esr

Fri, 07 Feb 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2023-06-22'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 27 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_0 `{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}`

Wed, 14 Aug 2024 00:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2018-06-11T21:00:00.000Z

Updated: 2025-02-07T12:50:23.513Z

Reserved: 2016-10-27T00:00:00.000Z

Link: CVE-2016-9079

Vulnrichment

Updated: 2024-08-06T02:42:10.169Z

NVD

Status : Analyzed

Published: 2018-06-11T21:29:01.797

Modified: 2025-03-21T19:24:52.383

Link: CVE-2016-9079

Redhat

Severity : Critical

Publid Date: 2016-12-01T00:00:00Z

Links: CVE-2016-9079 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "50.0.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "45.5.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "45.5.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2016-11-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}], "problemTypes": [{"descriptions": [{"description": "Use-after-free in SVG Animation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-12T09:57:01.000Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "DSA-3730", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2016/dsa-3730"}, {"name": "RHSA-2016:2843", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "1037370", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037370"}, {"name": "42327", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42327/"}, {"name": "RHSA-2016:2850", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"name": "94591", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94591"}, {"name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"name": "41151", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41151/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2016-9079", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "50.0.2"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "45.5.1"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "45.5.1"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use-after-free in SVG Animation"}]}]}, "references": {"reference_data": [{"name": "DSA-3730", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2016/dsa-3730"}, {"name": "RHSA-2016:2843", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"name": "GLSA-201701-35", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "1037370", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037370"}, {"name": "42327", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42327/"}, {"name": "RHSA-2016:2850", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"name": "94591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94591"}, {"name": "GLSA-201701-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-15"}, {"name": "41151", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41151/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:10.169Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3730", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2016/dsa-3730"}, {"name": "RHSA-2016:2843", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "1037370", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037370"}, {"name": "42327", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42327/"}, {"name": "RHSA-2016:2850", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"name": "94591", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94591"}, {"name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"name": "41151", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41151/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T12:50:20.570667Z", "id": "CVE-2016-9079", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-06-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-9079"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T12:50:23.513Z"}}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2016-9079", "datePublished": "2018-06-11T21:00:00.000Z", "dateReserved": "2016-10-27T00:00:00.000Z", "dateUpdated": "2025-02-07T12:50:23.513Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.debian.org/security/2016/dsa-3730", "name": "DSA-3730", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html", "name": "RHSA-2016:2843", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201701-35", "name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1037370", "name": "1037370", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/42327/", "name": "42327", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html", "name": "RHSA-2016:2850", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/94591", "name": "94591", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201701-15", "name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/41151/", "name": "41151", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:10.169Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2016-9079", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-07T12:50:20.570667Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-06-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-9079"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T12:48:06.658Z"}}], "cna": {"affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "50.0.2", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "45.5.1", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "45.5.1", "versionType": "custom"}]}], "datePublic": "2016-11-30T00:00:00.000Z", "references": [{"url": "https://www.debian.org/security/2016/dsa-3730", "name": "DSA-3730", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html", "name": "RHSA-2016:2843", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://security.gentoo.org/glsa/201701-35", "name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "http://www.securitytracker.com/id/1037370", "name": "1037370", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://www.exploit-db.com/exploits/42327/", "name": "42327", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html", "name": "RHSA-2016:2850", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/94591", "name": "94591", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://security.gentoo.org/glsa/201701-15", "name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://www.exploit-db.com/exploits/41151/", "name": "41151", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Use-after-free in SVG Animation"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2018-06-12T09:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "50.0.2", "version_affected": "<"}]}, "product_name": "Firefox"}, {"version": {"version_data": [{"version_value": "45.5.1", "version_affected": "<"}]}, "product_name": "Firefox ESR"}, {"version": {"version_data": [{"version_value": "45.5.1", "version_affected": "<"}]}, "product_name": "Thunderbird"}]}, "vendor_name": "Mozilla"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.debian.org/security/2016/dsa-3730", "name": "DSA-3730", "refsource": "DEBIAN"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html", "name": "RHSA-2016:2843", "refsource": "REDHAT"}, {"url": "https://security.gentoo.org/glsa/201701-35", "name": "GLSA-201701-35", "refsource": "GENTOO"}, {"url": "http://www.securitytracker.com/id/1037370", "name": "1037370", "refsource": "SECTRACK"}, {"url": "https://www.exploit-db.com/exploits/42327/", "name": "42327", "refsource": "EXPLOIT-DB"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html", "name": "RHSA-2016:2850", "refsource": "REDHAT"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "name": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/94591", "name": "94591", "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201701-15", "name": "GLSA-201701-15", "refsource": "GENTOO"}, {"url": "https://www.exploit-db.com/exploits/41151/", "name": "41151", "refsource": "EXPLOIT-DB"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use-after-free in SVG Animation"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-9079", "STATE": "PUBLIC", "ASSIGNER": "security@mozilla.org"}}}}, "cveMetadata": {"cveId": "CVE-2016-9079", "state": "PUBLISHED", "dateUpdated": "2025-02-07T12:50:23.513Z", "dateReserved": "2016-10-27T00:00:00.000Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2018-06-11T21:00:00.000Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-07-13", "cisaExploitAdd": "2023-06-22", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C981E74-6ACC-4FA0-A831-041533742304", "versionEndExcluding": "45.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "F500D7C2-53C4-4626-8B8B-628D65A1ED6C", "versionEndExcluding": "50.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "3588FF4A-AF7B-4D59-984E-231679AB6E4B", "versionEndExcluding": "45.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*", "matchCriteriaId": "14724D6F-AC53-48DD-A676-012300727CDC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en SVG Animation. Se ha descubierto un exploit construido sobre esta vulnerabilidad \"in the wild\" que apunta a usuarios de Firefox y Tor Browser en Windows. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.0.2, Firefox ESR en versiones anteriores a la 45.5.1 y Thunderbird en versiones anteriores a la 45.5.1."}], "id": "CVE-2016-9079", "lastModified": "2025-03-21T19:24:52.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2018-06-11T21:29:01.797", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94591"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037370"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2016/dsa-3730"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41151/"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42327/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037370"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2016/dsa-3730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41151/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42327/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2016:2843", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:45.5.1-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-12-01T00:00:00Z"}, {"advisory": "RHSA-2016:2850", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "important", "package": "thunderbird-0:45.5.1-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-12-05T00:00:00Z"}, {"advisory": "RHSA-2016:2843", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:45.5.1-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-12-01T00:00:00Z"}, {"advisory": "RHSA-2016:2850", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "important", "package": "thunderbird-0:45.5.1-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-12-05T00:00:00Z"}, {"advisory": "RHSA-2016:2843", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:45.5.1-1.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-12-01T00:00:00Z"}, {"advisory": "RHSA-2016:2850", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "important", "package": "thunderbird-0:45.5.1-1.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-12-05T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Firefox SVG Animation Remote Code Execution (MFSA 2016-92)", "id": "1400376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400376"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "details": ["A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.", "A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox."], "name": "CVE-2016-9079", "public_date": "2016-12-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9079\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9079\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation active

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object