{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "50.0.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "45.5.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "45.5.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2016-11-30T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}], "problemTypes": [{"descriptions": [{"description": "Use-after-free in SVG Animation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-12T09:57:01.000Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"name": "DSA-3730", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2016/dsa-3730"}, {"name": "RHSA-2016:2843", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "1037370", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037370"}, {"name": "42327", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42327/"}, {"name": "RHSA-2016:2850", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"name": "94591", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94591"}, {"name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"name": "41151", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/41151/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2016-9079", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "50.0.2"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "45.5.1"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "45.5.1"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use-after-free in SVG Animation"}]}]}, "references": {"reference_data": [{"name": "DSA-3730", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2016/dsa-3730"}, {"name": "RHSA-2016:2843", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"name": "GLSA-201701-35", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "1037370", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037370"}, {"name": "42327", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42327/"}, {"name": "RHSA-2016:2850", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"name": "94591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94591"}, {"name": "GLSA-201701-15", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-15"}, {"name": "41151", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/41151/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:10.169Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3730", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2016/dsa-3730"}, {"name": "RHSA-2016:2843", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"name": "1037370", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1037370"}, {"name": "42327", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42327/"}, {"name": "RHSA-2016:2850", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"name": "94591", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94591"}, {"name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"name": "41151", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/41151/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2016-9079", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-07T12:50:20.570667Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-06-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "timeline": [{"time": "2023-06-22T00:00:00+00:00", "lang": "en", "value": "CVE-2016-9079 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:45:50.578Z"}}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2016-9079", "datePublished": "2018-06-11T21:00:00.000Z", "dateReserved": "2016-10-27T00:00:00.000Z", "dateUpdated": "2025-10-21T23:45:50.578Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.debian.org/security/2016/dsa-3730", "name": "DSA-3730", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html", "name": "RHSA-2016:2843", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201701-35", "name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1037370", "name": "1037370", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/42327/", "name": "42327", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html", "name": "RHSA-2016:2850", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/94591", "name": "94591", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201701-15", "name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/41151/", "name": "41151", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:42:10.169Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2016-9079", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-07T12:50:20.570667Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-06-22", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079"}}}], "timeline": [{"lang": "en", "time": "2023-06-22T00:00:00+00:00", "value": "CVE-2016-9079 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T12:48:06.658Z"}}], "cna": {"affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "50.0.2", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "45.5.1", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "45.5.1", "versionType": "custom"}]}], "datePublic": "2016-11-30T00:00:00.000Z", "references": [{"url": "https://www.debian.org/security/2016/dsa-3730", "name": "DSA-3730", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html", "name": "RHSA-2016:2843", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://security.gentoo.org/glsa/201701-35", "name": "GLSA-201701-35", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "http://www.securitytracker.com/id/1037370", "name": "1037370", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://www.exploit-db.com/exploits/42327/", "name": "42327", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html", "name": "RHSA-2016:2850", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/94591", "name": "94591", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://security.gentoo.org/glsa/201701-15", "name": "GLSA-201701-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://www.exploit-db.com/exploits/41151/", "name": "41151", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Use-after-free in SVG Animation"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2018-06-12T09:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "50.0.2", "version_affected": "<"}]}, "product_name": "Firefox"}, {"version": {"version_data": [{"version_value": "45.5.1", "version_affected": "<"}]}, "product_name": "Firefox ESR"}, {"version": {"version_data": [{"version_value": "45.5.1", "version_affected": "<"}]}, "product_name": "Thunderbird"}]}, "vendor_name": "Mozilla"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.debian.org/security/2016/dsa-3730", "name": "DSA-3730", "refsource": "DEBIAN"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html", "name": "RHSA-2016:2843", "refsource": "REDHAT"}, {"url": "https://security.gentoo.org/glsa/201701-35", "name": "GLSA-201701-35", "refsource": "GENTOO"}, {"url": "http://www.securitytracker.com/id/1037370", "name": "1037370", "refsource": "SECTRACK"}, {"url": "https://www.exploit-db.com/exploits/42327/", "name": "42327", "refsource": "EXPLOIT-DB"}, {"url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html", "name": "RHSA-2016:2850", "refsource": "REDHAT"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "name": "https://www.mozilla.org/security/advisories/mfsa2016-92/", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/94591", "name": "94591", "refsource": "BID"}, {"url": "https://security.gentoo.org/glsa/201701-15", "name": "GLSA-201701-15", "refsource": "GENTOO"}, {"url": "https://www.exploit-db.com/exploits/41151/", "name": "41151", "refsource": "EXPLOIT-DB"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use-after-free in SVG Animation"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-9079", "STATE": "PUBLIC", "ASSIGNER": "security@mozilla.org"}}}}, "cveMetadata": {"cveId": "CVE-2016-9079", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:45:50.578Z", "dateReserved": "2016-10-27T00:00:00.000Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2018-06-11T21:00:00.000Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-07-13", "cisaExploitAdd": "2023-06-22", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C981E74-6ACC-4FA0-A831-041533742304", "versionEndExcluding": "45.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "F500D7C2-53C4-4626-8B8B-628D65A1ED6C", "versionEndExcluding": "50.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "3588FF4A-AF7B-4D59-984E-231679AB6E4B", "versionEndExcluding": "45.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:torproject:tor:-:*:*:*:*:*:*:*", "matchCriteriaId": "14724D6F-AC53-48DD-A676-012300727CDC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en SVG Animation. Se ha descubierto un exploit construido sobre esta vulnerabilidad \"in the wild\" que apunta a usuarios de Firefox y Tor Browser en Windows. La vulnerabilidad afecta a Firefox en versiones anteriores a la 50.0.2, Firefox ESR en versiones anteriores a la 45.5.1 y Thunderbird en versiones anteriores a la 45.5.1."}], "id": "CVE-2016-9079", "lastModified": "2025-10-22T00:15:57.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2018-06-11T21:29:01.797", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94591"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037370"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2016/dsa-3730"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41151/"}, {"source": "security@mozilla.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42327/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2843.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2850.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037370"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201701-35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2016/dsa-3730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/41151/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42327/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2016-92/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-9079"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2016:2843", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:45.5.1-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-12-01T00:00:00Z"}, {"advisory": "RHSA-2016:2850", "cpe": "cpe:/o:redhat:enterprise_linux:5", "impact": "important", "package": "thunderbird-0:45.5.1-1.el5_11", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-12-05T00:00:00Z"}, {"advisory": "RHSA-2016:2843", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:45.5.1-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-12-01T00:00:00Z"}, {"advisory": "RHSA-2016:2850", "cpe": "cpe:/o:redhat:enterprise_linux:6", "impact": "important", "package": "thunderbird-0:45.5.1-1.el6_8", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-12-05T00:00:00Z"}, {"advisory": "RHSA-2016:2843", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:45.5.1-1.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-12-01T00:00:00Z"}, {"advisory": "RHSA-2016:2850", "cpe": "cpe:/o:redhat:enterprise_linux:7", "impact": "important", "package": "thunderbird-0:45.5.1-1.el7_3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-12-05T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Firefox SVG Animation Remote Code Execution (MFSA 2016-92)", "id": "1400376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1400376"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "verified"}, "details": ["A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.", "A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox."], "name": "CVE-2016-9079", "public_date": "2016-12-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-9079\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9079\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}