CVE-2016-2826

Published: Jun 13, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.

Affected (3)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 45.1.0
Mozilla Firefox	Version 45.1.1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 46.0.1

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-264

References (8)

http://www.mozilla.org/security/announce/2016/mfsa2016-55.html

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/91075

Source: security@mozilla.org

http://www.securitytracker.com/id/1036057

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1237219

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2016/mfsa2016-55.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/91075

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036057

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1237219

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.