Bug 983647 (CVE-2016-2826)

Summary: VUL-0: CVE-2016-2826: MozillaFirefox: File overwrite and privilege escalation through Mozilla Windows updater (MFSA 2016-55)
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Petr Cerny <pcerny>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: wolfgang
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 983549    

Description Marcus Meissner 2016-06-08 06:32:55 UTC 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-55/


Mozilla Foundation Security Advisory 2016-55
File overwrite and privilege escalation through Mozilla Windows updater

Announced
    June 7, 2016
Reporter
    Frédéric Hoguin
Impact
    High
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 47
        Firefox ESR 45.2

Description

Security researcher Frédéric Hoguin reported a mechanism where the Mozilla Windows updater could be used to overwrite arbitrary files. He found that files extracted by the updater from a MAR archive are not locked for writing and can be overwritten by other processes while the updater is running. A malicious local program could invoke the updater and then interfere with the extracted files, replacing them with its own. This vulnerability could be used for privilege escalation if these overwritten files were later invoked by other Windows components that had higher privileges.

This issue does not affect non-Windows operating systems.
References

    Mozilla maintenance service arbitrary file overwrite allowing privilege escalation (CVE-2016-2826)
Comment 1 Swamp Workflow Management 2016-06-08 22:01:14 UTC 
bugbot adjusting priority
Comment 2 Marcus Meissner 2016-08-17 05:51:01 UTC 
not affecting linux