FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- SVG Animation Remote Code Execution

Affected packages
firefox < 50.0.2,1
firefox-esr < 45.5.1,1
linux-firefox < 45.5.1,2
seamonkey < 2.46
linux-seamonkey < 2.46
libxul < 45.5.1
thunderbird < 45.5.1
linux-thunderbird < 45.5.1

Details

VuXML ID 18f39fb6-7400-4063-acaf-0806e92c094f
Discovery 2016-11-30
Entry 2016-12-01
Modified 2016-12-16

The Mozilla Foundation reports:

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.

References

CVE Name CVE-2016-9079
URL https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/