CVE-2016-9079
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 27, 2016
- Published Date
- June 11, 2018
- Last Updated
- February 07, 2025
- Vendor
- Mozilla
- Product
- Firefox, Firefox ESR, Thunderbird
- Description
- A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
SSVC Information
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2023-06-22 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/firefox_smil_uaf.rb | 2025-04-29 11:01:30 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
firefox_smil_uaf
Type: metasploit • Created: Unknown
Tau-hub/Firefox-CVE-2016-9079
Type: github • Created: 2021-10-08 21:44:13 UTC • Stars: 1
dangokyo/CVE-2016-9079
Type: github • Created: 2018-07-29 12:55:27 UTC • Stars: 7
LakshmiDesai/CVE-2016-9079
Type: github • Created: 2017-02-08 07:41:37 UTC • Stars: 1
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Proof of Concept Exploit Available
-
Added to KEVIntel
-
Detected by Metasploit