cve/2016/CVE-2016-9079.md

### [CVE-2016-9079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2045.5.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2050.0.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use-after-free%20in%20SVG%20Animation&color=brighgreen)

### Description

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
- https://www.exploit-db.com/exploits/41151/
- https://www.exploit-db.com/exploits/42327/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/LakshmiDesai/CVE-2016-9079
- https://github.com/LyleMi/dom-vuln-db
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RUB-SysSec/PrimGen
- https://github.com/Tau-hub/Firefox-CVE-2016-9079
- https://github.com/Thuynh808/Qualys-Quest-Analysis
- https://github.com/ZihanYe/web-browser-vulnerabilities
- https://github.com/auditt7708/rhsecapi
- https://github.com/dangokyo/CVE-2016-9079
- https://github.com/hwiwonl/dayone
- https://github.com/i0gan/cve
- https://github.com/soham23/firefox-rce-nssmil
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2016-9079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079)`
			`![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%2045.5.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3C%2050.0.2%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Use-after-free%20in%20SVG%20Animation&color=brighgreen)`

			`### Description`

			`A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.`

			`### POC`

			`#### Reference`
			`- https://bugzilla.mozilla.org/show_bug.cgi?id=1321066`
			`- https://www.exploit-db.com/exploits/41151/`
			`- https://www.exploit-db.com/exploits/42327/`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/LakshmiDesai/CVE-2016-9079`
			`- https://github.com/LyleMi/dom-vuln-db`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/RUB-SysSec/PrimGen`
			`- https://github.com/Tau-hub/Firefox-CVE-2016-9079`
			`- https://github.com/Thuynh808/Qualys-Quest-Analysis`
			`- https://github.com/ZihanYe/web-browser-vulnerabilities`
			`- https://github.com/auditt7708/rhsecapi`
			`- https://github.com/dangokyo/CVE-2016-9079`
			`- https://github.com/hwiwonl/dayone`
			`- https://github.com/i0gan/cve`
			`- https://github.com/soham23/firefox-rce-nssmil`