CVE-2016-5294 : The Mozilla Updater can be made to choose an arbitrary target working directory

The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Published 2018-06-11 21:29:01

Updated 2018-07-30 12:45:03

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2016-5294

Mozilla » Firefox
Versions before (<) 50.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Mozilla » Thunderbird
Versions before (<) 45.5.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Mozilla » Firefox Esr
Versions before (<) 45.5.0
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2016-5294

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-5294

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2016-5294

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-5294

https://www.mozilla.org/security/advisories/mfsa2016-93/

Security vulnerabilities fixed in Thunderbird 45.5 — Mozilla
Vendor Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201701-15

Mozilla Firefox, Thunderbird: Multiple vulnerabilities (GLSA 201701-15) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1037298

Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Spoof URLs, Modify Files, and Obtain Potentially Sensitive Information - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/94336

Mozilla Firefox Multiple Security Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.mozilla.org/security/advisories/mfsa2016-90/

Security vulnerabilities fixed in Firefox ESR 45.5 — Mozilla
Vendor Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1246972

1246972 - (CVE-2016-5294) Arbitrary target directory for result files of update process
Exploit;Issue Tracking;Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2016-89/

Security vulnerabilities fixed in Firefox 50 — Mozilla
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-5294

Products affected by CVE-2016-5294

Exploit prediction scoring system (EPSS) score for CVE-2016-5294

CVSS scores for CVE-2016-5294

CWE ids for CVE-2016-5294

References for CVE-2016-5294