CVE-2016-9079 — Vulnetix

Try Vulnetix Request Demo

CVE-2016-9079 PUBLISHED KEV

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

EPSS 84.81% · 99.3th percentile

Risk Scores

EPSS Score

84.81%

99.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	thunderbird	1:45.4.0+build1-0ubuntu0.16.04.1, 1:45.3.0+build1-0ubuntu0.16.04.2, 1:45.2.0+build1-0ubuntu0.16.04.1
Ubuntu:14.04:LTS	thunderbird	1:31.0+build1-0ubuntu0.14.04.1, 1:31.1.1+build1-0ubuntu0.14.04.1, 1:31.1.2+build1-0ubuntu0.14.04.1
Ubuntu:14.04:LTS	firefox	45.0.1+build1-0ubuntu0.14.04.2, 45.0.2+build1-0ubuntu0.14.04.1, 46.0+build5-0ubuntu0.14.04.2
Ubuntu:16.04:LTS	firefox	46.0+build5-0ubuntu0.16.04.2, 46.0.1+build1-0ubuntu0.16.04.2, 47.0+build3-0ubuntu0.16.04.1

Timeline

Nov 30, 2016 CVE Published
Nov 30, 2016 PoC Published
Jan 24, 2017 PoC Published
Jul 15, 2017 PoC Published
Mar 16, 2018 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2016-9079 third-party-advisory
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ third-party-advisory
https://ubuntu.com/security/notices/USN-3140-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3141-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2016-9079 third-party-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory

Open in Interactive Console →