Arbitrary File Modification via Hardlink in Mozilla Updater

Arbitrary File Modification via Hardlink in Mozilla Updater

CVE-2016-5293 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.

Learn more about our Cis Benchmark Audit For Operating Systems.