KLA10906
Use-after-free vulnerability in Mozilla products
Обновлено: 17/06/2019
Дата обнаружения
30/11/2016
Уровень угрозы
Critical
Описание

A use-after-free vulnerability was found in Mozilla Firefox before 50.0.2, Mozilla Firefox ESR before 45.5.1 and Mozilla Thunderbird before 45.5.1. Exploiting this vulnerability can possibly lead to a denial of service and also an execution of arbitrary code. This vulnerability can be exploited remotely via a SVG Animation.

NB: This vulnerability have no public CVSS rating so rating can be changed by the time.

NB: At this moment Mozilla just reserved CVE numbers for this vulnerabilities. Information can be changed soon.

Пораженные продукты

Mozilla Firefox before 50.0.2
Mozilla Firefox ESR before 45.5.1
Mozilla Thunderbird before 45.5.1

Решение

Update to the latest versions
Download Mozilla Firefox
Download Mozilla Thunderbird
Mozilla Firefox ESR

Первичный источник обнаружения
Mozilla Foundation Security Advisory 2016-92
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
CVE-IDS
CVE-2016-90797.5Critical