CVE-2016-5294
CVSS v3.0
5.5 (Medium)
CVSS v2.0
2.1 (Low)
EPSS
0.07 % (32th)
Affected Products
4
Advisories
5
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Weaknesses
- CWE-20
- Improper Input Validation
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2018-06-11 21:29:00
(6 years ago) - Updated Date
-
2018-07-30 12:45:03
(6 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...