A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NDebian
OSDebian9.0Microsoft Windows
OSMicrosoftwszystkie wersjeMozilla Firefox
APPMozilla< 50.0.2< 45.5.1Mozilla Thunderbird
APPMozilla< 45.5.1Red Hat Enterprise Linux
OSRedhat5.06.07.0Red Hat Enterprise Linux Desktop
OSRedhat5.06.07.0Red Hat Enterprise Linux Server
OSRedhat5.06.07.0Red Hat Enterprise Linux Server Aus
OSRedhat7.37.4Red Hat Enterprise Linux Server Eus
OSRedhat7.37.47.5Red Hat Enterprise Linux Workstation
OSRedhat5.06.07.0Torproject Tor
APPTorprojectwszystkie wersje
CISA KEV — detailsi
- Vendori
- Mozilla ↗
- Producti
- Firefox, Firefox ESR, and Thunderbird
- Added to KEVi
- June 22, 2023
- Remediation deadline (US Federal)i
- July 13, 2023(overdue)
Apply updates per vendor instructions.
Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)