Vulnerability Description
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 50.0 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/94337Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037298Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1247239Issue TrackingVendor Advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-89/Vendor Advisory
- http://www.securityfocus.com/bid/94337Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037298Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1247239Issue TrackingVendor Advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2016-89/Vendor Advisory
FAQ
What is CVE-2016-5295?
CVE-2016-5295 is a vulnerability with a CVSS score of 7.8 (HIGH). This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulne...
How severe is CVE-2016-5295?
CVE-2016-5295 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5295?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Microsoft Windows.