CVE-2016-5295
Description
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.08
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for Mozilla Firefox (50.0) | Windows |
| Update for Mozilla Firefox x64 (50.0) | Windows |
| Update for Mozilla Firefox (50.0.1) | Windows |
| Update for Mozilla Firefox x64 (50.0.1) | Windows |
| Update for Mozilla Firefox (50.0.2) | Windows |
| Update for Mozilla Firefox x64 (50.0.2) | Windows |
| Update for Mozilla Firefox (50.1.0) | Windows |
| Update for Mozilla Firefox x64 (50.1.0) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-344482 | Mozilla Firefox (134.0.1) |
| PATCH-304314 | Update for Mozilla Firefox x64 (50.0) |
| PATCH-344482 | Mozilla Firefox (134.0.1) |
| PATCH-304365 | Update for Mozilla Firefox x64 (50.0.1) |
| PATCH-344482 | Mozilla Firefox (134.0.1) |
| PATCH-304376 | Update for Mozilla Firefox x64 (50.0.2) |
| PATCH-344482 | Mozilla Firefox (134.0.1) |
| PATCH-304411 | Update for Mozilla Firefox x64 (50.1.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234