Cyber Resilience

CVE-2016-9079

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 11 June 2018
Modified: 04 November 2025
KEV Added: 22 June 2023
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.8481 (99.4th percentile)
Risk Priority: 86 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2016-9079 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 0.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

A use-after-free vulnerability, tracked as CVE-2016-9079 and assigned CWE-416, exists in the SVG Animation component of Mozilla products. It affects Firefox versions prior to 50.0.2, Firefox ESR versions prior to 45.5.1, and Thunderbird versions prior to 45.5.1. The flaw received a CVSS 3.1 base score of 7.5, reflecting a network attack vector, low attack complexity, no privileges or user interaction required, and a high confidentiality impact.

An attacker can exploit the issue remotely by serving malicious web content containing crafted SVG animations. Public reporting indicates that working exploits were found in the wild, specifically targeting Firefox and Tor Browser users on Windows, enabling unauthorized disclosure of sensitive information from the affected process.

Red Hat Security Advisories RHSA-2016-2843 and RHSA-2016-2850, along with the referenced Mozilla bug 1321066, address the issue through updated packages that correct the use-after-free condition in SVG handling. Applying these updates to reach the fixed versions eliminates the vulnerability for supported deployments.

The vulnerability is notable for confirmed real-world exploitation prior to widespread patching, underscoring the need for rapid update deployment on Windows endpoints running the affected Mozilla software.

EU & UK References

Vulnerability details

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

CWE(s): CWE-416 (Use After Free)
KEV Date Added: 22 June 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

debian / debian linux: 9.0
redhat / enterprise linux: 5.0, 6.0, 7.0
redhat / enterprise linux desktop: 5.0, 6.0, 7.0
redhat / enterprise linux server: 5.0, 6.0, 7.0
redhat / enterprise linux server aus: 7.3, 7.4
redhat / enterprise linux server eus: 7.3, 7.4, 7.5
redhat / enterprise linux workstation: 5.0, 6.0, 7.0
mozilla / thunderbird: ≤ 45.5.1
mozilla / firefox: ≤ 50.0.2 · ≤ 45.5.1
torproject / tor: all versions

Mitigating Controls (NIST 800-53 r5)

prevent:

Directly requires applying vendor patches that eliminate the use-after-free condition in SVG Animation for Firefox < 50.0.2 and ESR < 45.5.1.

prevent / detect:

Enforces malicious-code detection and blocking mechanisms that can intercept crafted SVG animation payloads delivered over the network before they trigger the flaw.

detect:

Requires continuous vulnerability scanning to identify unpatched Mozilla instances susceptible to CVE-2016-9079 before exploitation occurs.
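As an added example (not part of this record or of any vendor scanner), the version check such a scan would apply to an inventory export, using the fixed versions stated in this record; the inventory line format, host names and product labels are assumptions.

```python
import re

# Fixed versions from the advisory: anything strictly below the fixed release
# on its branch is affected (Firefox < 50.0.2, ESR < 45.5.1, Thunderbird < 45.5.1).
FIXED_VERSIONS = {
    "firefox": (50, 0, 2),
    "firefox-esr": (45, 5, 1),
    "thunderbird": (45, 5, 1),
}

# Mozilla ESR builds report versions with an "esr" suffix, e.g. "45.5.0esr".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(esr)?$")

def parse_version(text):
    """Return (three-part numeric tuple, is_esr) for '50.0.1', '45.5.0esr', '45.4'."""
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3], m.group(2) is not None

def is_affected(product, version):
    """True when product/version is inside an affected range for CVE-2016-9079."""
    product = product.strip().lower()
    numeric, is_esr = parse_version(version)
    if product == "firefox" and is_esr:
        product = "firefox-esr"  # the version suffix wins over the inventory label
    if product not in FIXED_VERSIONS:
        raise KeyError(f"product not covered by this advisory: {product!r}")
    # An ESR install labelled plainly "firefox" with no suffix is compared against
    # 50.0.2 and reported as affected: a conservative false positive, not a miss.
    return numeric < FIXED_VERSIONS[product]

def scan_inventory(lines):
    """Keep only the 'host,product,version' records that are still exposed."""
    findings = []
    for line in lines:
        host, product, version = (f.strip() for f in line.split(","))
        try:
            if is_affected(product, version):
                findings.append((host, product, version))
        except (ValueError, KeyError):
            pass  # product outside this advisory, or an unparsable version
    return findings

# Constructed sample inventory (hypothetical hosts), as a scanner export might look.
SAMPLE_INVENTORY = ["ws-01,firefox,50.0.1", "ws-02,firefox,50.0.2",
                    "ws-03,firefox,45.5.0esr", "ws-04,firefox-esr,45.5.1",
                    "mail-01,thunderbird,45.4", "ws-05,chrome,54.0"]
```

Products outside the advisory (here the chrome row) are skipped rather than reported, so the output lists only hosts this CVE actually applies to.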

References