Critical severity9.8NVD Advisory· Published Sep 22, 2016· Updated May 6, 2026

CVE-2016-5274

Description

Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2016/mfsa2016-85.htmlnvdVendor Advisory
bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
rhn.redhat.com/errata/RHSA-2016-1912.htmlnvd
www.debian.org/security/2016/dsa-3674nvd
www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlnvd
www.securityfocus.com/bid/93049nvd
www.securitytracker.com/id/1036852nvd
security.gentoo.org/glsa/201701-15nvd
www.mozilla.org/security/advisories/mfsa2016-86/nvd
www.mozilla.org/security/advisories/mfsa2016-88/nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000