CyberSec.Space Logo
Back to CVE Browser

CVE-2016-9079

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score48.2750%
EPSS Percentile88.66th
PublishedJun 11, 2018
Last ModifiedNov 4, 2025

Vulnerability Description

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

Affected Platforms (CPE)

πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Redhat

Enterprise Linux

= 5.0
πŸ’»
Redhat

Enterprise Linux

= 6.0
πŸ’»
Redhat

Enterprise Linux

= 7.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 5.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 6.0
πŸ’»
Redhat

Enterprise Linux Desktop

= 7.0
πŸ’»
Redhat

Enterprise Linux Server

= 5.0
πŸ’»
Redhat

Enterprise Linux Server

= 6.0
πŸ’»
Redhat

Enterprise Linux Server

= 7.0
πŸ’»
Redhat

Enterprise Linux Server Aus

= 7.3
πŸ’»
Redhat

Enterprise Linux Server Aus

= 7.4
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.3
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.4
πŸ’»
Redhat

Enterprise Linux Server Eus

= 7.5
πŸ’»
Redhat

Enterprise Linux Workstation

= 5.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 6.0
πŸ’»
Redhat

Enterprise Linux Workstation

= 7.0
πŸ“¦
Mozilla

Thunderbird

< 45.5.1
πŸ“¦
Mozilla

Firefox

< 50.0.2
πŸ“¦
Mozilla

Firefox

< 45.5.1
πŸ“¦
Torproject

Tor

All versions

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2016-2843.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2016-2850.html
πŸ”— http://www.securityfocus.com/bid/94591
πŸ”— http://www.securitytracker.com/id/1037370
πŸ”— https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
πŸ”— https://security.gentoo.org/glsa/201701-15
πŸ”— https://security.gentoo.org/glsa/201701-35
πŸ”— https://www.debian.org/security/2016/dsa-3730

Related Vulnerabilities

CVE-1999-069810.0

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

CVE-2026-234628.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HIDP: Fix possible UAF This fixes the following t...

CVE-2006-70948.5

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bi...

CVE-2026-231717.8

In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave a...