Published: 11/06/2018 Updated: 30/07/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox_esr
mozilla thunderbird
mozilla firefox

Mozilla Foundation Security Advisory 2016-89 Security vulnerabilities fixed in Firefox 50 Announced November 15, 2016 Impact critical Products Firefox Fixed in Firefox 50 ...

Mozilla Foundation Security Advisory 2016-90 Security vulnerabilities fixed in Firefox ESR 455 Announced November 15, 2016 Impact critical Products Firefox ESR Fixed in Firefox ESR 455 ...

Mozilla Foundation Security Advisory 2016-93 Security vulnerabilities fixed in Thunderbird 455 Announced November 18, 2016 Impact critical Products Thunderbird Fixed in Thunderbird 455 ...

CWE-20 https://www.mozilla.org/security/advisories/mfsa2016-93/https://www.mozilla.org/security/advisories/mfsa2016-90/https://www.mozilla.org/security/advisories/mfsa2016-89/https://bugzilla.mozilla.org/show_bug.cgi?id=1246972 https://security.gentoo.org/glsa/201701-15 http://www.securitytracker.com/id/1037298 http://www.securityfocus.com/bid/94336 https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/

CVE-2016-5294

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect