Vulnerability identifier: #VU10967
Vulnerability risk: High
Exploitation vector: Network
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when manipulating the SVg animatedPathSegList through script. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update to version ESR 52.7.
Vulnerable software versions
Firefox ESR: 52.6.0
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?