CVE-2016-2826

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 47.0 Mozilla Firefox ESR versions prior to 45.2

Description The issue is related to the maintenance service in Mozilla Firefox, which does not properly prevent modification of extracted files during the execution of the updater. This might allow local users to gain privileges via a Trojan horse file. The vulnerability is associated with insufficient access control, which can be exploited by a local attacker to elevate their privileges using a malicious file.

Recommendations For Mozilla Firefox versions prior to 47.0, update to version 47.0 or later. For Mozilla Firefox ESR versions prior to 45.2, update to version 45.2 or later.