Firefox SVG Parser Use-After-Free Zero Day Exploit
- Firefox 41 to 50.0.1
- Firefox 45 ESR
- Tor Browser Bundle
Indicators of Compromise
The disclosed in-the-wild exploit calls back to 5[.]39[.]27[.]226. We recommend investigating any traffic going to this IP address.
At the time of this writing no patches have been released. Mozilla is actively working on a fix and we expect patches will be available soon from both Mozilla and the Tor project.
We assess that the risk posed by this vulnerability is high. We anticipate that cybercriminals and other malicious threat actors will implement variations of the exploit.
The Masergy Threat Intelligence Team currently has deployed the following alerts to detect the exploitation of this vulnerability:
Detected communication with command and control infrastructure used in a in-the-wild zero day exploit for Firefox’s SVG parser.
Additional information can be found at: