CVE-2016-9079
HIGH | CISA KEV | 7.5
Description
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVE Details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 6/11/2018
Last modified: 11/4/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Mozilla
Product: Firefox, Firefox ESR, and Thunderbird
Vulnerability name: Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
KEV date added: 2023-06-22
Remediation due date: 2023-07-13
Ransomware use: Unknown
Affected products
debian:debian_linux
microsoft:windows
mozilla:firefox
mozilla:thunderbird
redhat:enterprise_linux
redhat:enterprise_linux_desktop
redhat:enterprise_linux_server
redhat:enterprise_linux_server_aus
redhat:enterprise_linux_server_eus
redhat:enterprise_linux_workstation
torproject:tor
Weaknesses (CWE)
CWE-416
References
http://rhn.redhat.com/errata/RHSA-2016-2843.html (security@mozilla.org)
http://rhn.redhat.com/errata/RHSA-2016-2850.html (security@mozilla.org)
http://www.securityfocus.com/bid/94591 (security@mozilla.org)
http://www.securitytracker.com/id/1037370 (security@mozilla.org)
https://bugzilla.mozilla.org/show_bug.cgi?id=1321066 (security@mozilla.org)
https://security.gentoo.org/glsa/201701-15 (security@mozilla.org)
https://security.gentoo.org/glsa/201701-35 (security@mozilla.org)
https://www.debian.org/security/2016/dsa-3730 (security@mozilla.org)
https://www.exploit-db.com/exploits/41151/ (security@mozilla.org)
https://www.exploit-db.com/exploits/42327/ (security@mozilla.org)
https://www.mozilla.org/security/advisories/mfsa2016-92/ (security@mozilla.org)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.