HIGH🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2016-9079

CVSS 7.5v3.1pub. 2018-06-11upd. 2025-11-04

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Debian

    OS
    Debian
    9.0
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Mozilla Firefox

    APP
    Mozilla
    < 50.0.2< 45.5.1
  • Mozilla Thunderbird

    APP
    Mozilla
    < 45.5.1
  • Red Hat Enterprise Linux

    OS
    Redhat
    5.06.07.0
  • Red Hat Enterprise Linux Desktop

    OS
    Redhat
    5.06.07.0
  • Red Hat Enterprise Linux Server

    OS
    Redhat
    5.06.07.0
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    7.37.4
  • Red Hat Enterprise Linux Server Eus

    OS
    Redhat
    7.37.47.5
  • Red Hat Enterprise Linux Workstation

    OS
    Redhat
    5.06.07.0
  • Torproject Tor

    APP
    Torproject
    wszystkie wersje

CISA KEV — detailsi

Vendori
Mozilla
Producti
Firefox, Firefox ESR, and Thunderbird
Added to KEVi
June 22, 2023
Remediation deadline (US Federal)i
July 13, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 13 lipca 2023
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt

GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt

RCE przez deserializację PHP w Roundcube Webmail (parametr _from)