Critical severity 9.8 · NVD Advisory · Published Sep 22, 2016 · Updated May 6, 2026
CVE-2016-5277
Description
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
Patches
No patches discovered yet.
References
- www.mozilla.org/security/announce/2016/mfsa2016-85.html (nvd, Vendor Advisory)
- bugzilla.mozilla.org/show_bug.cgi (nvd, Issue Tracking)
- rhn.redhat.com/errata/RHSA-2016-1912.html (nvd)
- www.debian.org/security/2016/dsa-3674 (nvd)
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html (nvd)
- www.securityfocus.com/bid/93049 (nvd)
- www.securitytracker.com/id/1036852 (nvd)
- security.gentoo.org/glsa/201701-15 (nvd)
- www.mozilla.org/security/advisories/mfsa2016-86/ (nvd)
- www.mozilla.org/security/advisories/mfsa2016-88/ (nvd)