VDB

CVE-2016-5295

CVE-2016-5295 PUBLISHED

Reported by mozilla · Published June 11, 2018

This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.

Affected Products

VendorProductVersions
MozillaFirefoxunspecified
MozillaFirefoxunspecified, unspecified

Timeline

  • Jun 11, 2018 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 14, 2022 CVE Updated
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 2, 2023 EPSS Score

References

  • 94337 vdb-entryx_refsource_BID
  • x_refsource_CONFIRM
  • 1037298 vdb-entryx_refsource_SECTRACK
  • x_refsource_CONFIRM
  • x_refsource_CONFIRM
Open in Interactive Console →
$ Console Community · 100/wk Open console ›