CVE-2016-5281

Published: Sep 22, 2016Modified: May 6, 2026

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

Affected (7)

Products: Mozilla: Firefox

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 48.0.2
Mozilla Firefox	Version 45.0.1
Mozilla Firefox	Version 45.0.2
Mozilla Firefox	Version 45.0
Mozilla Firefox	Version 45.1.1
Mozilla Firefox	Version 45.2.0
Mozilla Firefox	Version 45.3.0

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (22)

http://rhn.redhat.com/errata/RHSA-2016-1912.html

Source: security@mozilla.org

http://www.debian.org/security/2016/dsa-3674

Source: security@mozilla.org

http://www.geeknik.net/7gr1u98b9

Source: security@mozilla.org

Not Applicable

http://www.mozilla.org/security/announce/2016/mfsa2016-85.html

Source: security@mozilla.org

Release NotesVendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: security@mozilla.org

http://www.securityfocus.com/bid/93049

Source: security@mozilla.org

http://www.securitytracker.com/id/1036852

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1284690

Source: security@mozilla.org

Issue TrackingThird Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201701-15

Source: security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2016-86/

Source: security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2016-88/

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2016-1912.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2016/dsa-3674

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.geeknik.net/7gr1u98b9

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www.mozilla.org/security/announce/2016/mfsa2016-85.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/93049

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036852

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1284690

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201701-15

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mozilla.org/security/advisories/mfsa2016-86/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.mozilla.org/security/advisories/mfsa2016-88/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.