CVE-2016-5294

Description

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Risk Information

Base Score

5.5

MODERATE

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

0.071

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox ESR (45.5.0)	Windows
Update for Mozilla Firefox (50.0)	Windows
Update for Mozilla Firefox x64 (50.0)	Windows
Update for Mozilla Thunderbird (45.5.0)	Windows
Update for Mozilla Firefox (50.0.1)	Windows
Update for Mozilla Firefox x64 (50.0.1)	Windows
Update for Mozilla Firefox (50.0.2)	Windows
Update for Mozilla Firefox x64 (50.0.2)	Windows
Update for Mozilla Firefox ESR (45.5.1)	Windows
Update for Mozilla Thunderbird (45.5.1)	Windows
Update for Mozilla Firefox (50.1.0)	Windows
Update for Mozilla Firefox x64 (50.1.0)	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-304312	Update for Mozilla Firefox ESR (45.5.0)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304314	Update for Mozilla Firefox x64 (50.0)
PATCH-304330	Update for Mozilla Thunderbird (45.5.0)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304365	Update for Mozilla Firefox x64 (50.0.1)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304376	Update for Mozilla Firefox x64 (50.0.2)
PATCH-304377	Update for Mozilla Firefox ESR (45.5.1)
PATCH-304378	Update for Mozilla Thunderbird (45.5.1)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304411	Update for Mozilla Firefox x64 (50.1.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234