CVE-2016-9079
Published: 30 November 2016
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
upstream |
Released
(50.0.2)
|
precise |
Released
(50.0.2+build1-0ubuntu0.12.04.1)
|
|
xenial |
Released
(50.0.2+build1-0ubuntu0.16.04.1)
|
|
yakkety |
Released
(50.0.2+build1-0ubuntu0.16.10.1)
|
|
trusty |
Released
(50.0.2+build1-0ubuntu0.14.04.1)
|
|
thunderbird Launchpad, Ubuntu, Debian |
upstream |
Released
(45.5.1)
|
precise |
Released
(1:45.5.1+build1-0ubuntu0.12.04.1)
|
|
xenial |
Released
(1:45.5.1+build1-0ubuntu0.16.04.1)
|
|
yakkety |
Released
(1:45.5.1+build1-0ubuntu0.16.10.1)
|
|
trusty |
Released
(1:45.5.1+build1-0ubuntu0.14.04.1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |