From f2a1ab4c5951ef4d1301f8cf6ea77f86ab63104d Mon Sep 17 00:00:00 2001 From: cmt Date: Thu, 1 Dec 2016 13:40:50 +0000 Subject: document mozilla vulnerabilities CVE-2016-9079 PR: 214978 Approved by: jbeich, rene (mentor, implicit) --- security/vuxml/vuln.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c3d0dfd91bd8..d81cb244ad94 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,55 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + Mozilla -- SVG Animation Remote Code Execution + + + firefox + 50.0.2,1 + + + firefox-esr + 45.5.1,1 + + + linux-firefox + 45.5.1,2 + + + libxul + 45.5.1 + + + thunderbird + 45.5.1 + + + linux-thunderbird + 45.5.1 + + + + +

The Mozilla Foundation reports:

+
A use-after-free vulnerability in SVG Animation has been + discovered. An exploit built on this vulnerability has been + discovered in the wild targeting Firefox and Tor Browser + users on Windows.
+

+ + + + CVE-2016-9079 + https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/ + + + 2016-11-30 + 2016-12-01 + + + wget -- Access List Bypass / Race Condition -- cgit