A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
CVSS Details
- CVSS 3.1 Base Score: 7.5
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Arch Linux | arch-linux-upgrade-latest | Jul 11, 2025 | Jun 11, 2018 | |
| Centos_linux | — | centos-upgrade-firefoxcentos-upgrade-thunderbird | Jan 27, 2017 | Nov 30, 2016 |
| Debian | debian-upgrade-firefox-esrdebian-upgrade-icedove | Dec 2, 2016 | Nov 30, 2016 | |
| Freebsd | freebsd-upgrade-package-firefoxfreebsd-upgrade-package-firefox-esrfreebsd-upgrade-package-linux-firefoxfreebsd-upgrade-package-seamonkeyfreebsd-upgrade-package-linux-seamonkeyfreebsd-upgrade-package-libxulfreebsd-upgrade-package-thunderbirdfreebsd-upgrade-package-linux-thunderbird | Dec 1, 2016 | Dec 1, 2016 | |
| Gentoo Linux | gentoo-linux-upgrade-mail-client-thunderbirdgentoo-linux-upgrade-mail-client-thunderbird-bingentoo-linux-upgrade-www-client-firefoxgentoo-linux-upgrade-www-client-firefox-bingentoo-linux-upgrade-www-client-seamonkeygentoo-linux-upgrade-www-client-seamonkey-bin | Oct 30, 2017 | Jan 3, 2017 | |
| Huawei Euleros 2_0_sp1 | huawei-euleros-2_0_sp1-upgrade-firefox | Aug 28, 2019 | Jun 11, 2018 | |
| Huawei Euleros 2_0_sp2 | huawei-euleros-2_0_sp2-upgrade-firefox | Aug 28, 2019 | Jun 11, 2018 | |
| Mfsa2016 92 | mozilla-firefox-esr-upgrade-45_5_1mozilla-firefox-upgrade-50_0_2 | Dec 1, 2016 | Nov 30, 2016 | |
| Mozilla Thunderbird | mozilla-thunderbird-upgrade-45_5_1 | Dec 1, 2016 | Nov 30, 2016 | |
| Oracle Solaris | oracle-solaris-11-3-upgrade-mail-thunderbird-45-5-1-0-175-3-16-0-2-0oracle-solaris-11-3-upgrade-mail-thunderbird-plugin-thunderbird-lightning-45-5-1-0-175-3-16-0-2-0oracle-solaris-11-3-upgrade-web-browser-firefox-45-6-0-0-175-3-16-0-3-0oracle-solaris-11-3-upgrade-web-browser-firefox-plugin-firefox-java-45-6-0-0-175-3-16-0-3-0oracle-solaris-11-3-upgrade-web-data-firefox-bookmarks-45-6-0-0-175-3-16-0-3-0 | May 29, 2017 | May 29, 2017 | |
| Oracle_linux | — | oracle-linux-upgrade-firefoxoracle-linux-upgrade-thunderbird | Dec 2, 2016 | Dec 1, 2016 |
| Redhat_linux | — | redhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginfo | Dec 2, 2016 | Nov 30, 2016 |
| Suse | — | suse-upgrade-libfreebl3suse-upgrade-libfreebl3-32bitsuse-upgrade-libfreebl3-x86suse-upgrade-libsoftokn3suse-upgrade-libsoftokn3-32bitsuse-upgrade-libsoftokn3-x86suse-upgrade-mozilla-nsssuse-upgrade-mozilla-nss-32bitsuse-upgrade-mozilla-nss-develsuse-upgrade-mozilla-nss-toolssuse-upgrade-mozilla-nss-x86suse-upgrade-mozillafirefoxsuse-upgrade-mozillafirefox-develsuse-upgrade-mozillafirefox-translationssuse-upgrade-mozillafirefox-translations-commonsuse-upgrade-mozillafirefox-translations-othersuse-upgrade-mozillathunderbirdsuse-upgrade-mozillathunderbird-buildsymbolssuse-upgrade-mozillathunderbird-develsuse-upgrade-mozillathunderbird-translations-commonsuse-upgrade-mozillathunderbird-translations-other | Dec 4, 2016 | Nov 30, 2016 |
| Ubuntu | ubuntu-upgrade-firefoxubuntu-upgrade-thunderbird | Dec 1, 2016 | Nov 30, 2016 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub