CVE-2016-9079
HIGH | CISA KEV | 7.5
Description
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 6/11/2018
Last modified: 11/4/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Mozilla
Product: Firefox, Firefox ESR, and Thunderbird
Vulnerability name: Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
KEV date added: 2023-06-22
Remediation due date: 2023-07-13
Ransomware use: Unknown
Affected products
debian:debian_linux
microsoft:windows
mozilla:firefox
mozilla:thunderbird
redhat:enterprise_linux
redhat:enterprise_linux_desktop
redhat:enterprise_linux_server
redhat:enterprise_linux_server_aus
redhat:enterprise_linux_server_eus
redhat:enterprise_linux_workstation
torproject:tor
Weaknesses (CWE)
CWE-416
References
http://rhn.redhat.com/errata/RHSA-2016-2843.html (security@mozilla.org)
http://rhn.redhat.com/errata/RHSA-2016-2850.html (security@mozilla.org)
http://www.securityfocus.com/bid/94591 (security@mozilla.org)
http://www.securitytracker.com/id/1037370 (security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 (security@mozilla.org)
https://security.gentoo.org/glsa/201701-15 (security@mozilla.org)
https://security.gentoo.org/glsa/201701-35 (security@mozilla.org)
https://www.debian.org/security/2016/dsa-3730 (security@mozilla.org)
https://www.exploit-db.com/exploits/41151/ (security@mozilla.org)
https://www.exploit-db.com/exploits/42327/ (security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2016-92/ (security@mozilla.org)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.