CVE-2016-5295

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1247239
• https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/
• https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/
• http://www.securityfocus.com/bid/94337
• http://www.securitytracker.com/id/1037298
• https://www.mozilla.org/security/advisories/mfsa2016-89/

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2016-89

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2016-5296
• CVE-2016-5292
• CVE-2016-5293
• CVE-2016-5294
• CVE-2016-5297
• CVE-2016-9064
• CVE-2016-9065
• CVE-2016-9066
• CVE-2016-9067
• CVE-2016-9068
• CVE-2016-9072
• CVE-2016-9075
• CVE-2016-9077
• CVE-2016-5291
• CVE-2016-5295
• CVE-2016-5298
• CVE-2016-5299
• CVE-2016-9061
• CVE-2016-9062
• CVE-2016-9070
• CVE-2016-9073
• CVE-2016-9074
• CVE-2016-9076
• CVE-2016-9063
• CVE-2016-9071
• CVE-2016-5289
• CVE-2016-5290

Frequently Asked Questions

• What is CVE-2016-5295?

  CVE-2016-5295 is a vulnerability that allows an attacker to use the Mozilla Maintenance Service to escalate privilege.

• How does CVE-2016-5295 work?

  CVE-2016-5295 works by having the Mozilla Maintenance Service invoke the Mozilla Updater to run malicious local files.

• Does CVE-2016-5295 require local system access?

  Yes, CVE-2016-5295 requires local system access.

• What is the severity of CVE-2016-5295?

  CVE-2016-5295 has a severity level of medium (4).

• How can I mitigate the impact of CVE-2016-5295?

  To mitigate the impact of CVE-2016-5295, update your Mozilla Firefox to a version higher than 50.