cvedb.io
CVE-2016-5295
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2018-06-11T21:29:00.640 · Last modified 2026-06-17T00:49:09.563

Summary

This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.

Affected products

mozilla — firefox

Does this affect you?

Add your gear to cvedb and we'll alert you only when mozilla ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.