Search for vulnerabilities
Vulnerability details: VCID-mypy-fthg-aaac
Vulnerability ID VCID-mypy-fthg-aaac
Aliases CVE-2016-9079
Summary A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9079.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2016-2843.html
ssvc Attend http://rhn.redhat.com/errata/RHSA-2016-2843.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2016-2850.html
ssvc Attend http://rhn.redhat.com/errata/RHSA-2016-2850.html
rhas Critical https://access.redhat.com/errata/RHSA-2016:2843
rhas Important https://access.redhat.com/errata/RHSA-2016:2850
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json
epss 0.82596 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95334 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95334 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95334 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95334 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95489 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95489 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95489 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95642 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95642 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95642 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.95642 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
cvssv3.1 7.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
ssvc Attend https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=1400376
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2016-9079
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-9079
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-9079
archlinux Critical https://security.archlinux.org/AVG-90
archlinux Critical https://security.archlinux.org/AVG-91
cvssv3.1 7.5 https://security.gentoo.org/glsa/201701-15
ssvc Attend https://security.gentoo.org/glsa/201701-15
cvssv3.1 7.5 https://security.gentoo.org/glsa/201701-35
ssvc Attend https://security.gentoo.org/glsa/201701-35
generic_textual Medium https://ubuntu.com/security/notices/USN-3140-1
generic_textual Medium https://ubuntu.com/security/notices/USN-3141-1
cvssv3.1 7.5 https://www.debian.org/security/2016/dsa-3730
ssvc Attend https://www.debian.org/security/2016/dsa-3730
cvssv3.1 7.5 https://www.exploit-db.com/exploits/41151/
ssvc Attend https://www.exploit-db.com/exploits/41151/
cvssv3.1 7.5 https://www.exploit-db.com/exploits/42327/
ssvc Attend https://www.exploit-db.com/exploits/42327/
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2016-92
generic_textual Medium https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
cvssv3.1 7.5 https://www.mozilla.org/security/advisories/mfsa2016-92/
ssvc Attend https://www.mozilla.org/security/advisories/mfsa2016-92/
cvssv3.1 7.5 http://www.securityfocus.com/bid/94591
ssvc Attend http://www.securityfocus.com/bid/94591
cvssv3.1 7.5 http://www.securitytracker.com/id/1037370
ssvc Attend http://www.securitytracker.com/id/1037370
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9079.html
http://rhn.redhat.com/errata/RHSA-2016-2843.html
http://rhn.redhat.com/errata/RHSA-2016-2850.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json
https://api.first.org/data/v1/epss?cve=CVE-2016-9079
https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.gentoo.org/glsa/201701-15
https://security.gentoo.org/glsa/201701-35
https://ubuntu.com/security/notices/USN-3140-1
https://ubuntu.com/security/notices/USN-3141-1
https://www.debian.org/security/2016/dsa-3730
https://www.exploit-db.com/exploits/41151/
https://www.exploit-db.com/exploits/42327/
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
https://www.mozilla.org/security/advisories/mfsa2016-92/
http://www.securityfocus.com/bid/94591
http://www.securitytracker.com/id/1037370
1400376 https://bugzilla.redhat.com/show_bug.cgi?id=1400376
ASA-201612-1 https://security.archlinux.org/ASA-201612-1
ASA-201612-2 https://security.archlinux.org/ASA-201612-2
AVG-90 https://security.archlinux.org/AVG-90
AVG-91 https://security.archlinux.org/AVG-91
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2016-9079 Exploit https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb
CVE-2016-9079 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb
CVE-2016-9079 https://nvd.nist.gov/vuln/detail/CVE-2016-9079
CVE-2017-5375;CVE-2016-9079 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html
CVE-2017-5375;CVE-2016-9079 Exploit https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
mfsa2016-92 https://www.mozilla.org/en-US/security/advisories/mfsa2016-92
RHSA-2016:2843 https://access.redhat.com/errata/RHSA-2016:2843
RHSA-2016:2850 https://access.redhat.com/errata/RHSA-2016:2850
USN-3140-1 https://usn.ubuntu.com/3140-1/
USN-3141-1 https://usn.ubuntu.com/3141-1/
Data source Exploit-DB
Date added Jan. 24, 2017
Description Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date Jan. 24, 2017
Exploit type remote
Platform windows
Source update date Jan. 25, 2017
Source URL https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb
Data source KEV
Date added June 22, 2023
Description Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
Required action Apply updates per vendor instructions.
Due date July 13, 2023
Note 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079; https://nvd.nist.gov/vuln/detail/CVE-2016-9079
Ransomware campaign use Unknown
Data source Metasploit
Description This module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
Note 
{}
Ransomware campaign use Unknown
Source publication date Nov. 30, 2016
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/browser/firefox_smil_uaf.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2843.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-2843.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2850.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-2850.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-9079
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-9079
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-9079
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/201701-15
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://security.gentoo.org/glsa/201701-15
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/201701-35
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://security.gentoo.org/glsa/201701-35
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2016/dsa-3730
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://www.debian.org/security/2016/dsa-3730
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.exploit-db.com/exploits/41151/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://www.exploit-db.com/exploits/41151/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.exploit-db.com/exploits/42327/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://www.exploit-db.com/exploits/42327/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2016-92/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://www.mozilla.org/security/advisories/mfsa2016-92/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.securityfocus.com/bid/94591
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at http://www.securityfocus.com/bid/94591
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.securitytracker.com/id/1037370
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at http://www.securitytracker.com/id/1037370
Exploit Prediction Scoring System (EPSS)
Percentile 0.99034
EPSS Score 0.82596
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.