Mozilla Firefox CVE-2016-2826 Weak Authentication Vulnerability

description-logoDescription

Security researcher Frdric Hoguin reported a mechanism where the Mozilla Windows updater could be used to overwrite arbitrary files. He found that files extracted by the updater from a MAR archive are not locked for writing and can be overwritten by other processes while the updater is running. A malicious local program could invoke the updater and then interfere with the extracted files, replacing them with its own. This vulnerability could be used for privilege escalation if these overwritten files were later invoked by other Windows components that had higher privileges.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2016-2826