Bug 983647 - (CVE-2016-2826) VUL-0: CVE-2016-2826: MozillaFirefox: File overwrite and privilege escalation through Mozilla Windows updater (MFSA 2016-55)
(CVE-2016-2826)
VUL-0: CVE-2016-2826: MozillaFirefox: File overwrite and privilege escalation...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Petr Cerny
Security Team bot
:
Depends on:
Blocks: 983549
  Show dependency treegraph
 
Reported: 2016-06-08 06:32 UTC by Marcus Meissner
Modified: 2016-08-17 05:51 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-08 06:32:55 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-55/


Mozilla Foundation Security Advisory 2016-55
File overwrite and privilege escalation through Mozilla Windows updater

Announced
    June 7, 2016
Reporter
    Frédéric Hoguin
Impact
    High
Products
    Firefox, Firefox ESR
Fixed in

        Firefox 47
        Firefox ESR 45.2

Description

Security researcher Frédéric Hoguin reported a mechanism where the Mozilla Windows updater could be used to overwrite arbitrary files. He found that files extracted by the updater from a MAR archive are not locked for writing and can be overwritten by other processes while the updater is running. A malicious local program could invoke the updater and then interfere with the extracted files, replacing them with its own. This vulnerability could be used for privilege escalation if these overwritten files were later invoked by other Windows components that had higher privileges.

This issue does not affect non-Windows operating systems.
References

    Mozilla maintenance service arbitrary file overwrite allowing privilege escalation (CVE-2016-2826)
Comment 1 Swamp Workflow Management 2016-06-08 22:01:14 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2016-08-17 05:51:01 UTC
not affecting linux