VDB

CVE-2016-9899

CVE-2016-9899 PUBLISHED

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

EPSS 36.42% · 97.2th percentile

Risk Scores

EPSS Score
36.42%
97.2th percentile

Affected Products

VendorProductVersions
Ubuntu:14.04:LTSthunderbird1:24.0+build1-0ubuntu1, 1:24.0+build1-0ubuntu2, 1:24.2.0+build1-0ubuntu1
Ubuntu:16.04:LTSthunderbird1:38.5.1+build2-0ubuntu1, *, *
Ubuntu:16.04:LTSfirefox0, 41.0.2+build2-0ubuntu1, 42.0+build2-0ubuntu1
Ubuntu:14.04:LTSfirefox*, 44.0.2+build1-0ubuntu0.14.04.1, 45.0+build2-0ubuntu0.14.04.1

Timeline

  • Dec 13, 2016 CVE Published
  • Jan 14, 2017 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score
  • May 3, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 16, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›