1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: FireFox CVE-2016-9079

Web Attack: FireFox CVE-2016-9079

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

Additional Information

Mozilla Firefox is prone to a remote code-execution vulnerability due to a use-after-free error in the 'SVG' animation functionality. Specifically, this issue affects the 'nsSMILTimeContainer' object in the 'nsSMILTimeContainer::NotifyTimeChange()' function.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause a denial-of-service condition.

Note: This issue was previously titled 'Mozilla Firefox Unspecified Remote Code Execution Vulnerability'. The title has been changed to better reflect security impact and the vulnerability information.

Affected

  • This issue has been fixed in:
  • Firefox 50.0.2
  • Firefox ESR 45.5.1
  • Thunderbird 45.5.1
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube