vulnerability

MFSA2016-86 Firefox: Security vulnerabilities fixed in Firefox ESR 45.4 (CVE-2016-5284)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Sep 22, 2016	Oct 25, 2016	Feb 10, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Sep 22, 2016

Added

Oct 25, 2016

Modified

Feb 10, 2026

Description

Due to flaws in the process we used to update "Preloaded Public Key Pinning" in our releases, the pinning for add-on updates became ineffective in early September. An attacker who was able to get a mis-issued certificate for a Mozilla web site could send malicious add-on updates to users on networks controlled by the attacker. Users who have not installed any add-ons are not affected.

Solution

mozilla-firefox-esr-upgrade-45_4

References

CVE-2016-5284
https://attackerkb.com/topics/CVE-2016-5284
CWE-20
URL-http://www.mozilla.org/security/announce/2016/mfsa2016-86.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today