Critical severity9.8NVD Advisory· Published Sep 22, 2016· Updated May 6, 2026
CVE-2016-5281
CVE-2016-5281
Description
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- www.mozilla.org/security/announce/2016/mfsa2016-85.htmlnvdRelease NotesVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
- www.geeknik.net/7gr1u98b9nvdNot Applicable
- rhn.redhat.com/errata/RHSA-2016-1912.htmlnvd
- www.debian.org/security/2016/dsa-3674nvd
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlnvd
- www.securityfocus.com/bid/93049nvd
- www.securitytracker.com/id/1036852nvd
- security.gentoo.org/glsa/201701-15nvd
- www.mozilla.org/security/advisories/mfsa2016-86/nvd
- www.mozilla.org/security/advisories/mfsa2016-88/nvd
News mentions
0No linked articles in our index yet.