virus logo FortiClient Vulnerability

Mozilla Firefox CVE-2016-5253 Weak Authentication Vulnerability

description-logoDescription

Security researcher Holger Fuhrmannek reported that when the Updater is opened directly using the callback application path parameter, a copy of a user specified file is made as a callback file. If the target of this file is made with a locked hardlink, an arbitrary local file can be replaced on the system even if there is no privileged write access to the targeted file. If this targeted file is run by other processes with privileges, this could allow for arbitrary code execution by a malicious user with local system access. This is not exploitable by web content.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2016-5253

Other References

https://www.mozilla.org/en-US/security/advisories/mfsa2016-69
ID 31198
Created Jul 11, 2018
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Mozilla
Patch auto
Application Firefox