CVE-2016-9079 - Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability

Mozilla | Firefox, Firefox ESR, and Thunderbird

• Date Added:
• 2023-06-22

• Due Date:
• 2023-07-13

Vulnerability Name

Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability

Description

Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079; https://nvd.nist.gov/vuln/detail/CVE-2016-9079

Latest Security News

Swap EOL Zyxel routers, upgrade Netgear ones!

Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

Navigating the Future: Key IT Vulnerability Management Trends 

AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

How Are Modern Fraud Groups Using GenAI and Deepfakes?

Common Alerts

MediumBackup File Disclosure

InformationalGraphQL Endpoint Supports Introspection

HighServer Side Code Injection - ASP Code Injection

HighCross-Domain Misconfiguration - Silverlight

InformationalModern Web Application

LowStrict-Transport-Security Defined via META (Non-compliant with Spec)

InformationalUsername Hash Found

LowPrivate IP Disclosure

MediumCSP: script-src unsafe-eval

MediumFile Upload

Latest CVE List

CVE-2024-45195 Apache OFBiz Forced Browsing Vulnerability

CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability

CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability

CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

CVE-2025-23006 SonicWall SMA1000 Appliances Deserialization Vulnerability

CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability

CVE-2024-55591 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability

CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

MediumCWE-352 Cross-Site Request Forgery (CSRF)

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1426 Improper Validation of Generative AI Output

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-284 Improper Access Control

CWE-304 Missing Critical Step in Authentication

CWE-307 Improper Restriction of Excessive Authentication Attempts