Vulnerabilities > CVE-2016-9079 - Use After Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution. CVE-2016-9079,CVE-2017-5375. Remote exploit for Windows platform file exploits/windows/remote/42327.html id EDB-ID:42327 last seen 2017-07-14 modified 2017-07-14 platform windows port published 2017-07-14 reporter Exploit-DB source https://www.exploit-db.com/download/42327/ title Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution type remote description Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit). CVE-2016-9079. Remote exploit for Windows platfor... file exploits/windows/remote/41151.rb id EDB-ID:41151 last seen 2017-01-25 modified 2017-01-24 platform windows port published 2017-01-24 reporter Exploit-DB source https://www.exploit-db.com/download/41151/ title Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit) type remote
Metasploit
| description | This module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/FIREFOX_SMIL_UAF |
| last seen | 2020-06-10 |
| modified | 2017-07-24 |
| published | 2017-01-20 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/firefox_smil_uaf.rb |
| title | Firefox nsSMILTimeContainer::NotifyTimeChange() RCE |
Nessus
NASL family Windows NASL id MOZILLA_FIREFOX_45_5_1_ESR.NASL description The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 95474 published 2016-12-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95474 title Mozilla Firefox ESR 45.x < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(95474); script_version("1.9"); script_cvs_date("Date: 2019/11/13"); script_cve_id("CVE-2016-9079"); script_bugtraq_id(94591); script_xref(name:"MFSA", value:"2016-92"); script_xref(name:"CERT", value:"791496"); script_name(english:"Mozilla Firefox ESR 45.x < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE"); script_summary(english:"Checks the version of Firefox."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code."); script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/"); script_set_attribute(attribute:"solution", value: "Upgrade to Mozilla Firefox ESR version 45.5.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-9079"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Firefox nsSMILTimeContainer::NotifyTimeChange() RCE'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/29"); script_set_attribute(attribute:"patch_publication_date", value:"2016/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/02"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("mozilla_org_installed.nasl"); script_require_keys("Mozilla/Firefox/Version"); exit(0); } include("mozilla_version.inc"); port = get_kb_item("SMB/transport"); if (!port) port = 445; installs = get_kb_list("SMB/Mozilla/Firefox/*"); if (isnull(installs)) audit(AUDIT_NOT_INST, "Firefox"); mozilla_check_version(installs:installs, product:'firefox', esr:TRUE, fix:'45.5.1', min:'45.0', severity:SECURITY_WARNING);NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_45_5_1_ESR.NASL description The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 95471 published 2016-12-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95471 title Mozilla Firefox ESR 45.x < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE (macOS) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1392.NASL description MozillaFirefox is updated to version 50.0.2 which fixes the following issues : - Firefox crashed with 3rd party Chinese IME when using IME text (fixed in version 50.0.1) - Redirection from an HTTP connection to a data: URL could inherit wrong origin after an HTTP redirect (fixed in version 50.0.1, bmo#1317641, MFSA 2016-91, boo#1012807, CVE-2016-9078) - Maliciously crafted SVG animations could cause remote code execution (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo##1012964, CVE-2016-9079) last seen 2020-06-05 modified 2016-12-06 plugin id 95552 published 2016-12-06 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95552 title openSUSE Security Update : MozillaFirefox (openSUSE-2016-1392) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-336-02.NASL description New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95443 published 2016-12-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95443 title Slackware 14.1 / 14.2 / current : mozilla-thunderbird (SSA:2016-336-02) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3730.NASL description Multiple security issues have been found in Icedove, Debian last seen 2020-06-01 modified 2020-06-02 plugin id 95666 published 2016-12-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95666 title Debian DSA-3730-1 : icedove - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-3105-1.NASL description This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026) : - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92) - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 : - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed : - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95797 published 2016-12-14 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95797 title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3105-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1393.NASL description This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability. In Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context. - CVE-2016-9079: SVG Animation Remote Code Execution (MFSA 2016-92, bsc#1012964, bmo#1321066) last seen 2020-06-05 modified 2016-12-06 plugin id 95553 published 2016-12-06 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95553 title openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-1393) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3141-1.NASL description Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5290) A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291) A heap buffer-overflow was discovered in Cairo when processing SVG content. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296) An error was discovered in argument length checking in JavaScript. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297) A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066) A use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95426 published 2016-12-01 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95426 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : thunderbird vulnerabilities (USN-3141-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1012.NASL description According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079,CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905,CVE-2017-5373,CVE-2017-5375,CVE-2017-5376 ,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-538 6,CVE-2017-5390,CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99858 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99858 title EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1012) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1011.NASL description According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079,CVE-2016-9893,CVE-2016-9895,CVE-2016-989 7,CVE-2016-9898,CVE-2016-9899,CVE-2016-9900,CVE-2016-99 01,CVE-2016-9902,CVE-2016-9904,CVE-2016-9905,CVE-2017-5 373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99857 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99857 title EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1011) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3140-1.NASL description It was discovered that data: URLs can inherit the wrong origin after a HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9078) A use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9079). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95425 published 2016-12-01 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95425 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : firefox vulnerabilities (USN-3140-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_18F39FB674004063ACAF0806E92C094F.NASL description The Mozilla Foundation reports : A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. last seen 2020-06-01 modified 2020-06-02 plugin id 95450 published 2016-12-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95450 title FreeBSD : Mozilla -- SVG Animation Remote Code Execution (18f39fb6-7400-4063-acaf-0806e92c094f) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-3048-1.NASL description This update for MozillaFirefox fixes security issues. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bbsc#1012964) : - CVE-2016-9079: Use-after-free in SVG Animation could be used for code execution (MFSA 2016-92 bsc#1012964) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95627 published 2016-12-08 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95627 title SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:3048-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1407.NASL description This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) : - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) - CVE-2016-5292: URL parsing causes crash (bmo#1288482) - CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686) - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069)) - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324) - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159) - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071) - CVE-2016-9073: windows.create schema doesn last seen 2020-06-05 modified 2016-12-07 plugin id 95590 published 2016-12-07 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95590 title openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-336-01.NASL description New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95442 published 2016-12-01 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95442 title Slackware 14.1 / 14.2 / current : mozilla-firefox (SSA:2016-336-01) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-35.NASL description The remote host is affected by the vulnerability described in GLSA-201701-35 (Mozilla SeaMonkey: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96515 published 2017-01-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96515 title GLSA-201701-35 : Mozilla SeaMonkey: Multiple vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_THUNDERBIRD_45_5_1.NASL description The version of Mozilla Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 95473 published 2016-12-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95473 title Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE (macOS) NASL family Scientific Linux Local Security Checks NASL id SL_20161201_FIREFOX_ON_SL5_X.NASL description This update upgrades Firefox to version 45.5.1 ESR. Security Fix(es) : - A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079) last seen 2020-03-18 modified 2016-12-15 plugin id 95869 published 2016-12-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95869 title Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20161201) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-2850.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix(es) : * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079) Red Hat would like to thank the Mozilla project for reporting this issue. last seen 2020-05-31 modified 2016-12-06 plugin id 95562 published 2016-12-06 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95562 title RHEL 5 / 6 / 7 : thunderbird (RHSA-2016:2850) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3728.NASL description A use-after-free vulnerability in the SVG Animation was discovered in the Mozilla Firefox web browser, allowing a remote attacker to cause a denial of service (application crash) or execute arbitrary code, if a user is tricked into opening a specially crafted website. last seen 2020-06-01 modified 2020-06-02 plugin id 95445 published 2016-12-01 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95445 title Debian DSA-3728-1 : firefox-esr - security update NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2850.NASL description An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix(es) : * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079) Red Hat would like to thank the Mozilla project for reporting this issue. last seen 2020-05-31 modified 2016-12-07 plugin id 95576 published 2016-12-07 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95576 title CentOS 5 / 6 / 7 : thunderbird (CESA-2016:2850) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-2843.NASL description An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix(es) : * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079) Red Hat would like to thank the Mozilla project for reporting this issue. last seen 2020-05-31 modified 2016-12-02 plugin id 95465 published 2016-12-02 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95465 title RHEL 5 / 6 / 7 : firefox (RHSA-2016:2843) NASL family MacOS X Local Security Checks NASL id MACOSX_FIREFOX_50_0_2.NASL description The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 50.0.2. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 95472 published 2016-12-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95472 title Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE (macOS) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2843.NASL description An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix(es) : * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079) Red Hat would like to thank the Mozilla project for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 95484 published 2016-12-05 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95484 title CentOS 5 / 6 / 7 : firefox (CESA-2016:2843) NASL family Windows NASL id MOZILLA_THUNDERBIRD_45_5_1.NASL description The version of Mozilla Thunderbird installed on the remote Windows host is prior to 45.5.1. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 95476 published 2016-12-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95476 title Mozilla Thunderbird < 45.5.1 nsSMILTimeContainer.cpp SVG Animation RCE NASL family Windows NASL id MOZILLA_FIREFOX_50_0_2.NASL description The version of Mozilla Firefox installed on the remote Windows host is prior to 50.0.2. It is, therefore, affected by a use-after-free error in dom/smil/nsSMILTimeContainer.cpp when handling SVG animations. An unauthenticated, remote attacker can exploit this issue, via a specially crafted web page, to deference already freed memory, resulting in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 95475 published 2016-12-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95475 title Mozilla Firefox < 50.0.2 nsSMILTimeContainer.cpp SVG Animation RCE NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2850.NASL description From Red Hat Security Advisory 2016:2850 : An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 45.5.1. Security Fix(es) : * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079) Red Hat would like to thank the Mozilla project for reporting this issue. last seen 2020-05-31 modified 2016-12-06 plugin id 95561 published 2016-12-06 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95561 title Oracle Linux 6 / 7 : thunderbird (ELSA-2016-2850) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-752.NASL description Multiple security issues have been found in Icedove, Debian last seen 2020-03-17 modified 2016-12-20 plugin id 96013 published 2016-12-20 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96013 title Debian DLA-752-1 : icedove security update NASL family Scientific Linux Local Security Checks NASL id SL_20161205_THUNDERBIRD_ON_SL5_X.NASL description This update upgrades Thunderbird to version 45.5.1. Security Fix(es) : - A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079) last seen 2020-03-18 modified 2016-12-15 plugin id 95870 published 2016-12-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95870 title Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20161205) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-15.NASL description The remote host is affected by the vulnerability described in GLSA-201701-15 (Mozilla Firefox, Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition via multiple vectors. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96276 published 2017-01-04 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96276 title GLSA-201701-15 : Mozilla Firefox, Thunderbird: Multiple vulnerabilities (SWEET32) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-3080-1.NASL description This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964) : - CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92 bsc#1012964) - CVE-2016-5297: Incorrect argument length checking in JavaScript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3 : - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed : - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95712 published 2016-12-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95712 title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2016:3080-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2843.NASL description From Red Hat Security Advisory 2016:2843 : An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.5.1 ESR. Security Fix(es) : * A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079) Red Hat would like to thank the Mozilla project for reporting this issue. last seen 2020-05-31 modified 2016-12-02 plugin id 95464 published 2016-12-02 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95464 title Oracle Linux 5 / 6 / 7 : firefox (ELSA-2016-2843)
Packetstorm
data source https://packetstormsecurity.com/files/download/143373/firefox5001-exec.txt id PACKETSTORM:143373 last seen 2017-07-15 published 2017-07-14 reporter Rh0 source https://packetstormsecurity.com/files/143373/Firefox-50.0.1-ASM.JS-JIT-Spray-Remote-Code-Execution.html title Firefox 50.0.1 ASM.JS JIT-Spray Remote Code Execution data source https://packetstormsecurity.com/files/download/140696/firefox_smil_uaf.rb.txt id PACKETSTORM:140696 last seen 2017-01-24 published 2017-01-24 reporter Anonymous Gaijin source https://packetstormsecurity.com/files/140696/Firefox-nsSMILTimeContainer-NotifyTimeChange-Remote-Code-Execution.html title Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:92560 |
| last seen | 2017-11-19 |
| modified | 2016-11-30 |
| published | 2016-11-30 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-92560 |
| title | New Firefox/Tor Browser 0-day vulnerability (CVE-2016-9079) |
The Hacker News
| id | THN:67A8D3C888F0DA741B9FCF426B24B639 |
| last seen | 2018-01-27 |
| modified | 2016-12-01 |
| published | 2016-11-30 |
| reporter | Mohit Kumar |
| source | https://thehackernews.com/2016/11/firefox-tor-update.html |
| title | UPDATE Firefox and Tor to Patch Critical Zero-day Vulnerability |
Related news
References
- https://www.mozilla.org/security/advisories/mfsa2016-92/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
- https://www.exploit-db.com/exploits/42327/
- https://www.exploit-db.com/exploits/41151/
- https://www.debian.org/security/2016/dsa-3730
- https://security.gentoo.org/glsa/201701-35
- https://security.gentoo.org/glsa/201701-15
- http://www.securitytracker.com/id/1037370
- http://www.securityfocus.com/bid/94591
- http://rhn.redhat.com/errata/RHSA-2016-2850.html
- http://rhn.redhat.com/errata/RHSA-2016-2843.html