Mozilla Foundation Security Advisory 2016-92

Firefox SVG Animation Remote Code Execution

Announced
November 30, 2016
Impact
critical
Products
Firefox, Firefox ESR, Thunderbird
Fixed in
  • Firefox 50.0.2
  • Firefox ESR 45.5.1
  • Thunderbird 45.5.1

#CVE-2016-9079: Use-after-free in SVG Animation

Reporter
Obscured Team
Impact
critical
Description

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.

References