KLA10906
Use-after-free vulnerability in Mozilla products
Updated: 07/05/2018
CVSS: 7.5
Detect date: 11/30/2016
Severity: Critical
Description

A use-after-free vulnerability was found in Mozilla Firefox before 50.0.2, Mozilla Firefox ESR before 45.5.1, and Mozilla Thunderbird before 45.5.1. Exploiting this vulnerability may lead to denial of service or arbitrary code execution. The vulnerability can be exploited remotely via SVG animation.

NB: This vulnerability has no public CVSS rating, so the rating may change over time.

NB: At this moment Mozilla has only reserved CVE numbers for these vulnerabilities. The information may change soon.

Affected products

Mozilla Firefox before 50.0.2
Mozilla Firefox ESR before 45.5.1
Mozilla Thunderbird before 45.5.1

Solution

Update to the latest versions
Download Mozilla Firefox
Download Mozilla Thunderbird
Mozilla Firefox ESR

Original advisories

Mozilla Foundation Security Advisory 2016-92

Impacts
ACE
DoS
Related products
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Firefox
CVE-IDS

CVE-2016-9079