HTTP: Mozilla Firefox NotifyTimeChange Use After Free 4
Signature attempts to capture an out-of-bounds indexing/use-after-free condition present in Mozilla Firefox on Microsoft Windows.
Extended Description
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Affected Products
Redhat enterprise_linux_workstation
References
CVE: CVE-2016-9079
Short Name
HTTP:STC:FF-NOTIFY-TM-CHANGE-4
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
4 After CVE-2016-9079 Firefox Free Mozilla NotifyTimeChange Use
Release Date
03/14/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Debian
Redhat
CVSS Score
5.0