CVE-2016-5253

Published: 05 August 2016

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.

Priority

Medium

CVSS 3 base score: 4.7

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (48)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(windows only)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [windows only])
thunderbird
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)