CVE-2016-5295
N/A
N/A
Summary
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 50 | affected |
Weaknesses
- Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/94337
- https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/
- http://www.securitytracker.com/id/1037298
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1247239
References
- http://www.securityfocus.com/bid/94337
- https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/
- http://www.securitytracker.com/id/1037298
- https://www.mozilla.org/security/advisories/mfsa2016-89/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1247239
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.