CVE Daily

CVE-2016-5253

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to writ...

Medium CVSS 4.7

Overview

The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link.

CWE: CWE-264 Published: 2016-08-05T01:59:10.893
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 4.7 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags