Refine your search
1 vulnerability found for by torproject
CVE-2016-9079 (GCVE-0-2016-9079)
Vulnerability from cvelistv5
Published
2018-06-11 21:00
Modified
2025-10-21 23:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use-after-free in SVG Animation
Summary
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Version: unspecified < 50.0.2 |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "RHSA-2016:2843",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"
},
{
"name": "GLSA-201701-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-35"
},
{
"name": "1037370",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037370"
},
{
"name": "42327",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42327/"
},
{
"name": "RHSA-2016:2850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"
},
{
"name": "94591",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94591"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "41151",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/41151/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-9079",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T12:50:20.570667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:50.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-22T00:00:00+00:00",
"value": "CVE-2016-9079 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "45.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox \u003c 50.0.2, Firefox ESR \u003c 45.5.1, and Thunderbird \u003c 45.5.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free in SVG Animation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-3730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "RHSA-2016:2843",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"
},
{
"name": "GLSA-201701-35",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-35"
},
{
"name": "1037370",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037370"
},
{
"name": "42327",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42327/"
},
{
"name": "RHSA-2016:2850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"
},
{
"name": "94591",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94591"
},
{
"name": "GLSA-201701-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "41151",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/41151/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50.0.2"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5.1"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "45.5.1"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox \u003c 50.0.2, Firefox ESR \u003c 45.5.1, and Thunderbird \u003c 45.5.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free in SVG Animation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3730",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3730"
},
{
"name": "RHSA-2016:2843",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"
},
{
"name": "GLSA-201701-35",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-35"
},
{
"name": "1037370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037370"
},
{
"name": "42327",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42327/"
},
{
"name": "RHSA-2016:2850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-92/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"
},
{
"name": "94591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94591"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "41151",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41151/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-9079",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-10-27T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:50.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}