Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
Mozilla — Firefox, Firefox ESR, and Thunderbird
- Added to KEV catalog
- 22 June 2023
- Federal remediation due date
- 13 July 2023
- Weakness classification (CWE)
- CWE-416
CISA Description
Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows.
Required action
Apply updates per vendor instructions.
Notes
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079; https://nvd.nist.gov/vuln/detail/CVE-2016-9079
More Mozilla Vulnerabilities
Mozilla Multiple Products Remote Code Execution Vulnerability
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox Security Feature Bypass Vulnerability
Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability
Mozilla Firefox and Thunderbird Type Confusion Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services