CVE-2016-5293

Summary

When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 45.5affected
MozillaFirefoxunspecified < 50affected

Weaknesses

  • Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink

ADP Enrichment

CVE Program Container

Additional References

References