CVE-2016-5281

Name: CVE-2016-5281
Creator: NVD / NIST
Published: 2016-09-22T22:59:15.91+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 5.04%

Last modified Jun 17, 2026

CVE-2016-5281 is a vulnerability of currently unknown severity. Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.. EPSS estimates a 5.04% chance of exploitation in the next 30 days.

Description

Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.

Metrics

EPSS Probability

5.04%

91.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-416

Affected Software

Vendor	Product	Versions
Mozilla	Firefox	<= 48.0.2
Mozilla	Firefox	45.0
Mozilla	Firefox	45.0.1
Mozilla	Firefox	45.0.2
Mozilla	Firefox	45.1.1
Mozilla	Firefox	45.2.0
Mozilla	Firefox	45.3.0

References

http://rhn.redhat.com/errata/RHSA-2016-1912.html
http://www.debian.org/security/2016/dsa-3674
http://www.geeknik.net/7gr1u98b9Not Applicable
http://www.mozilla.org/security/announce/2016/mfsa2016-85.htmlRelease Notes, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/93049
http://www.securitytracker.com/id/1036852
https://bugzilla.mozilla.org/show_bug.cgi?id=1284690Issue Tracking, Third Party Advisory, VDB Entry
https://security.gentoo.org/glsa/201701-15
https://www.mozilla.org/security/advisories/mfsa2016-86/
https://www.mozilla.org/security/advisories/mfsa2016-88/
http://rhn.redhat.com/errata/RHSA-2016-1912.html
http://www.debian.org/security/2016/dsa-3674
http://www.geeknik.net/7gr1u98b9Not Applicable
http://www.mozilla.org/security/announce/2016/mfsa2016-85.htmlRelease Notes, Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/93049
http://www.securitytracker.com/id/1036852
https://bugzilla.mozilla.org/show_bug.cgi?id=1284690Issue Tracking, Third Party Advisory, VDB Entry
https://security.gentoo.org/glsa/201701-15
https://www.mozilla.org/security/advisories/mfsa2016-86/
https://www.mozilla.org/security/advisories/mfsa2016-88/

Timeline

Published: Sep 22, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-5281?

How severe is CVE-2016-5281?

Severity scoring for CVE-2016-5281 is pending analysis. The EPSS model estimates a 5.04% probability of exploitation in the next 30 days.

How do I fix CVE-2016-5281?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-5281?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST