CVE-2016-5295
HIGHFirefox < 50.0 - Privilege Escalation via Mozilla Maintenance Service
Title source: llmDescription
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94337
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037298
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2016-89/
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1247239
Scores
CVSS v3
7.8
EPSS
0.0008
EPSS Percentile
23.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (1)
mozilla/firefox
< 50.0
Published
Jun 11, 2018
Tracked Since
Feb 18, 2026