Mozilla Firefox 46.0.1 Gain privileges Vulnerability
8 Aug. 2016
The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.
* Canonical Ubuntu Linux 12.04
* Canonical Ubuntu Linux 14.04
* Canonical Ubuntu Linux 15.1
* Canonical Ubuntu Linux 16.04
* Mozilla Firefox 46.0.1
* Novell Leap 42.1
* Novell Opensuse 13.1
* Novell Opensuse 13.2
Multiple vulnerabilities were reported in Mozilla Firefox. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof URLs.
A remote user can create specially crafted content that, when loaded by the target user, will trigger a buffer overflow, use-after-free memory error, or memory corruption error and execute arbitrary code on the target user's system [CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2828].
A local user can exploit a flaw in the Windows updater to overwrite arbitrary files and potentially gain elevated privileges on the target system [CVE-2016-2826]. Windows-based systems are affected.
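An added example, not Mozilla's updater code or its fix: a platform-neutral Python illustration of the defensive pattern behind the updater issue described above (CVE-2016-2826), where files extracted from an update archive must not change between extraction and use by the privileged process. The dict standing in for an already signature-verified MAR archive, the member names and all function names are assumptions made for the example.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def extract_to_private_dir(members):
    """Write already-verified archive members into a fresh staging directory.

    mkdtemp() creates the directory with mode 0o700 on POSIX; on Windows the
    staging directory needs an ACL that gives unprivileged users no write access.
    Returns (directory, manifest), where manifest maps file name -> SHA-256.
    """
    dest = tempfile.mkdtemp(prefix="update-staging-")
    manifest = {}
    for name, data in members.items():
        if os.path.basename(name) != name:      # refuse names with path components
            raise ValueError(f"unsafe member name: {name!r}")
        with open(os.path.join(dest, name), "xb") as f:   # "x": never overwrite
            f.write(data)
        manifest[name] = hashlib.sha256(data).hexdigest()
    return dest, manifest

def find_tampering(dest, manifest):
    """Return the sorted names that are modified, missing, replaced or unexpected."""
    bad = set(os.listdir(dest)) - set(manifest)           # files planted afterwards
    for name, digest in manifest.items():
        path = os.path.join(dest, name)
        if os.path.islink(path) or not os.path.isfile(path):
            bad.add(name)                                  # removed or swapped for a link
        elif sha256_file(path) != digest:
            bad.add(name)                                  # content changed
    return sorted(bad)

def verified_files(dest, manifest):
    """Return the staged paths, or raise if anything changed since extraction."""
    bad = find_tampering(dest, manifest)
    if bad:
        raise RuntimeError(f"staged files changed after extraction: {bad}")
    return sorted(os.path.join(dest, name) for name in manifest)
```

The hash re-check only detects a change; the directory permissions are what prevent it, because a check followed by a later use still leaves a window if other users can write to the staging directory.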