High severity7.8NVD Advisory· Published Jun 11, 2018· Updated Jun 17, 2026
CVE-2016-5295
CVE-2016-5295
Description
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<50+ 1 more
- (no CPE)range: <50
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
5- www.securityfocus.com/bid/94337nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037298nvdThird Party AdvisoryVDB Entry
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- www.mozilla.org/en-US/security/advisories/mfsa2013-44/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2016-89/nvdVendor Advisory
News mentions
0No linked articles in our index yet.