CVE-2016-5253

Description

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.

Risk Information

Base Score

4.7

MODERATE

Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

0.058

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox (48.0)	Windows
Update for Mozilla Firefox x64 (48.0)	Windows
Update for Mozilla Firefox (48.0.1)	Windows
Update for Mozilla Firefox x64 (48.0.1)	Windows
Update for Mozilla Firefox (48.0.2)	Windows
Update for Mozilla Firefox x64 (48.0.2)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-302216	Update for Mozilla Firefox x64 (48.0)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304013	Update for Mozilla Firefox x64 (48.0.1)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304032	Update for Mozilla Firefox x64 (48.0.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234