VDB
CVE-2016-9079
CVE-2016-9079
PUBLISHED
KEV
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
EPSS 84.81% · 99.4th percentile
Risk Scores
EPSS Score
84.81%
99.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | thunderbird | 0, 1:38.3.0+build1-0ubuntu2, 1:38.5.1+build2-0ubuntu1 |
| Ubuntu:14.04:LTS | thunderbird | *, 1:24.0+build1-0ubuntu1, 1:24.0+build1-0ubuntu2 |
| Ubuntu:14.04:LTS | firefox | *, *, * |
| Ubuntu:16.04:LTS | firefox | 42.0+build2-0ubuntu1, 44.0+build3-0ubuntu2, 44.0.1+build1-0ubuntu1 |
Exploit Intelligence
- CVE-2016-9079 exploit code as it appeared on https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html (github-poc-repo)
- CVE-2016-9079 exploit code as it appeared on https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html (github-poc-repo)
- CVE-2016-9079 exploit code as it appeared on https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html (github-poc-repo)
- CVE-2016-9079 exploit code as it appeared on https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html (github-poc-repo)
- CVE-2016-9079 exploit code as it appeared on https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html (github-poc-repo)
- CVE-2016-9079 exploit code as it appeared on https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html (github-poc-repo)
- CVE-2016-9079 exploit code as it appeared on https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html (github-poc-repo)
- CVE-2016-9079 exploit code as it appeared on https://lists.torproject.org/pipermail/tor-talk/2016-November/042639.html (github-poc-repo)
- A demo exploit of CVE-2016-9079 on Ubuntu x64 (github-poc-repo)
- A demo exploit of CVE-2016-9079 on Ubuntu x64 (github-poc-repo)
…and 66 more exploits
Timeline
- Nov 30, 2016 CVE Published
- Nov 30, 2016 PoC Published
- Jan 24, 2017 PoC Published
- Jul 15, 2017 PoC Published
- Mar 16, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2016-9079 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ third-party-advisory
- https://ubuntu.com/security/notices/USN-3140-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-3141-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2016-9079 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory