Search for vulnerabilities
Vulnerability details: VCID-xsjn-fjrv-hfa8
Vulnerability ID VCID-xsjn-fjrv-hfa8
Aliases CVE-2016-9079
Summary A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2016-2843.html
ssvc Attend http://rhn.redhat.com/errata/RHSA-2016-2843.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2016-2850.html
ssvc Attend http://rhn.redhat.com/errata/RHSA-2016-2850.html
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
epss 0.84964 https://api.first.org/data/v1/epss?cve=CVE-2016-9079
cvssv3.1 7.5 https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
ssvc Attend https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
cvssv2 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2016-9079
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2016-9079
archlinux Critical https://security.archlinux.org/AVG-90
archlinux Critical https://security.archlinux.org/AVG-91
cvssv3.1 7.5 https://security.gentoo.org/glsa/201701-15
ssvc Attend https://security.gentoo.org/glsa/201701-15
cvssv3.1 7.5 https://security.gentoo.org/glsa/201701-35
ssvc Attend https://security.gentoo.org/glsa/201701-35
cvssv3.1 7.5 https://www.debian.org/security/2016/dsa-3730
ssvc Attend https://www.debian.org/security/2016/dsa-3730
cvssv3.1 7.5 https://www.exploit-db.com/exploits/41151/
ssvc Attend https://www.exploit-db.com/exploits/41151/
cvssv3.1 7.5 https://www.exploit-db.com/exploits/42327/
ssvc Attend https://www.exploit-db.com/exploits/42327/
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2016-92
cvssv3.1 7.5 https://www.mozilla.org/security/advisories/mfsa2016-92/
ssvc Attend https://www.mozilla.org/security/advisories/mfsa2016-92/
cvssv3.1 7.5 http://www.securityfocus.com/bid/94591
ssvc Attend http://www.securityfocus.com/bid/94591
cvssv3.1 7.5 http://www.securitytracker.com/id/1037370
ssvc Attend http://www.securitytracker.com/id/1037370
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json
https://api.first.org/data/v1/epss?cve=CVE-2016-9079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1037370 http://www.securitytracker.com/id/1037370
1400376 https://bugzilla.redhat.com/show_bug.cgi?id=1400376
201701-15 https://security.gentoo.org/glsa/201701-15
201701-35 https://security.gentoo.org/glsa/201701-35
41151 https://www.exploit-db.com/exploits/41151/
42327 https://www.exploit-db.com/exploits/42327/
94591 http://www.securityfocus.com/bid/94591
ASA-201612-1 https://security.archlinux.org/ASA-201612-1
ASA-201612-2 https://security.archlinux.org/ASA-201612-2
AVG-90 https://security.archlinux.org/AVG-90
AVG-91 https://security.archlinux.org/AVG-91
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2016-9079 Exploit https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb
CVE-2016-9079 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/41151.rb
CVE-2016-9079 https://nvd.nist.gov/vuln/detail/CVE-2016-9079
CVE-2017-5375;CVE-2016-9079 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/42327.html
CVE-2017-5375;CVE-2016-9079 Exploit https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
dsa-3730 https://www.debian.org/security/2016/dsa-3730
mfsa2016-92 https://www.mozilla.org/en-US/security/advisories/mfsa2016-92
mfsa2016-92 https://www.mozilla.org/security/advisories/mfsa2016-92/
RHSA-2016:2843 https://access.redhat.com/errata/RHSA-2016:2843
RHSA-2016-2843.html http://rhn.redhat.com/errata/RHSA-2016-2843.html
RHSA-2016:2850 https://access.redhat.com/errata/RHSA-2016:2850
RHSA-2016-2850.html http://rhn.redhat.com/errata/RHSA-2016-2850.html
show_bug.cgi?id=1321066 https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
USN-3140-1 https://usn.ubuntu.com/3140-1/
USN-3141-1 https://usn.ubuntu.com/3141-1/
Data source Exploit-DB
Date added Jan. 24, 2017
Description Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)
Ransomware campaign use Known
Source publication date Jan. 24, 2017
Exploit type remote
Platform windows
Source update date Jan. 25, 2017
Source URL https://github.com/rapid7/metasploit-framework/blob/f4db90edeb7f03ce1e95f5898954cbea7e13ff6c/modules/exploits/windows/browser/firefox_smil_uaf.rb
Data source KEV
Date added June 22, 2023
Description Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
Required action Apply updates per vendor instructions.
Due date July 13, 2023
Note 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079; https://nvd.nist.gov/vuln/detail/CVE-2016-9079
Ransomware campaign use Unknown
Data source Metasploit
Description This module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date Nov. 30, 2016
Platform Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/browser/firefox_smil_uaf.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2843.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-2843.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-2850.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-2850.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9079.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1321066
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-9079
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-9079
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/201701-15
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://security.gentoo.org/glsa/201701-15
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://security.gentoo.org/glsa/201701-35
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://security.gentoo.org/glsa/201701-35
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.debian.org/security/2016/dsa-3730
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://www.debian.org/security/2016/dsa-3730
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.exploit-db.com/exploits/41151/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://www.exploit-db.com/exploits/41151/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.exploit-db.com/exploits/42327/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://www.exploit-db.com/exploits/42327/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.mozilla.org/security/advisories/mfsa2016-92/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at https://www.mozilla.org/security/advisories/mfsa2016-92/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.securityfocus.com/bid/94591
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at http://www.securityfocus.com/bid/94591
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.securitytracker.com/id/1037370
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T12:50:20Z/ Found at http://www.securitytracker.com/id/1037370
Exploit Prediction Scoring System (EPSS)
Percentile 0.99295
EPSS Score 0.84964
Published At July 31, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:13.511057+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2016/mfsa2016-92.yml 37.0.0