CVE-2016-9079
firefox-esr - security update
7.5
HIGH
CVSS 3.1
⚠ KEVEPSS 84.8%
Description
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
How to fix CVE-2016-9079
To remediate CVE-2016-9079, upgrade the affected package to a fixed version below.
- —upgrade to 45.5.1esr-1 or later
- —upgrade to 45.5.1esr-1~deb8u1 or later
Is CVE-2016-9079 being exploited?
Yes — CVE-2016-9079 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (2)
- from 0, < 45.5.1esr-1
- from 0, < 45.5.1esr-1~deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |