CVE-2016-5294 (retired)

Priority
Description
The Mozilla Updater can be made to choose an arbitrary target working
directory for output files resulting from the update process. This
vulnerability requires local system access. Note: this issue only affects
Windows operating systems. This vulnerability affects Thunderbird < 45.5,
Firefox ESR < 45.5, and Firefox < 50.
Notes
 sbeattie> windows only
Assigned-to
chrisccoulson
Package
Upstream:released (50)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (windows only)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (windows only)
Package
Priority: Low
Upstream:not-affected (windows only)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (windows only)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (windows only)
More Information

Updated: 2019-03-26 12:22:06 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)