7.8
CVE-2016-5295
- EPSS 0.33%
- Veröffentlicht 11.06.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 02:54:01
- CVE-Watchlists
- Unerledigt
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.241 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
http://www.securityfocus.com/bid/94337
http://www.securitytracker.com/id/1037298
https://www.mozilla.org/security/advisories/mfsa2016-89/
https://bugzilla.mozilla.org/show_bug.cgi?id=1247239
https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/