CVE-2016-5295: High severity firefox vulnerability

Q: What is CVE-2016-5295?

CVE-2016-5295 is a vulnerability that allows an attacker to use the Mozilla Maintenance Service to escalate privilege.

Q: How does CVE-2016-5295 work?

CVE-2016-5295 works by having the Mozilla Maintenance Service invoke the Mozilla Updater to run malicious local files.

Q: Does CVE-2016-5295 require local system access?

Yes, CVE-2016-5295 requires local system access.

Q: What is the severity of CVE-2016-5295?

CVE-2016-5295 has a severity level of medium (4).

Q: How can I mitigate the impact of CVE-2016-5295?

To mitigate the impact of CVE-2016-5295, update your Mozilla Firefox to a version higher than 50.

Published Nov 15, 2016

Updated

This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems.

Affected Software

3 affected componentsFixes available

Mozilla Firefox<50

Mozilla Firefox<50.0

Microsoft Windows

Event History

Nov 15, 2016

CVE Published

12:00 AM

Jun 11, 2018

CVE Published

via MITRE·09:00 PM

Data Sourced

via MITRE·09:00 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

MFSA2016-89

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2016-5295?

CVE-2016-5295 is a vulnerability that allows an attacker to use the Mozilla Maintenance Service to escalate privilege.

How does CVE-2016-5295 work?

CVE-2016-5295 works by having the Mozilla Maintenance Service invoke the Mozilla Updater to run malicious local files.

Does CVE-2016-5295 require local system access?