CVE-2016-9899

CRITICAL

Debian Linux < 52.1.0 - Use After Free

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9899. PoCs published by Marcin Ressel.

AI-analyzed exploit summary This is a proof-of-concept exploit for a use-after-free vulnerability in Mozilla Firefox versions prior to 50.1.0. The exploit manipulates memory by triggering a DOMSubtreeModified event handler and subsequently reusing freed memory to achieve a crash, potentially leading to arbitrary code execution.

Description

Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.

Exploits (1)

exploitdb WORKING POC
by Marcin Ressel · htmldoswindows
https://www.exploit-db.com/exploits/41042

This is a proof-of-concept exploit for a use-after-free vulnerability in Mozilla Firefox versions prior to 50.1.0. The exploit manipulates memory by triggering a DOMSubtreeModified event handler and subsequently reusing freed memory to achieve a crash, potentially leading to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Complex
Reliability
Racy
Target: Mozilla Firefox < 50.1.0
No auth needed
Prerequisites: Victim must visit a malicious webpage · Target must be using a vulnerable version of Firefox
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2016-94/
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2016-95/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94885
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037461
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1317409
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201701-15
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2017/dsa-3757
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41042/
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2973.html
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2016-96/
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2946.html

Scores

CVSS v3 9.8
EPSS 0.3642
EPSS Percentile 97.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (20)
debian/debian_linux 9.0
mozilla/firefox 52.0 - 52.1.0
mozilla/thunderbird < 52.1.0
redhat/enterprise_linux 5.0
redhat/enterprise_linux 6.0
redhat/enterprise_linux 7.0
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 5.0
... and 10 more
Published Jun 11, 2018
Tracked Since Feb 18, 2026