1. Home
  2. Vulnerabilities
  3. CVE-2016-5294

CVE-2016-5294

CVSS v3.0 5.5 (Medium)
55% Progress
CVSS v2.0 2.1 (Low)
21% Progress
EPSS 0.07 % (32th)
0.07% Progress
Affected Products 4
Advisories 5
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2018-06-11 21:29:00
(6 years ago)
Updated Date
2018-07-30 12:45:03
(6 years ago)

Affected Products

Microsoft

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 50.0 version cpe:2.3:a:mozilla:firefox < 50.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 45.5.0 version cpe:2.3:a:mozilla:firefox_esr < 45.5.0
OR  
  Running on/with
  Mozilla Thunderbird prior 45.5.0 version cpe:2.3:a:mozilla:thunderbird < 45.5.0
OR  
  Running on/with
  Microsoft Windows cpe:2.3:o:microsoft:windows:-