CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://www.mozilla.org/security/announce/2015/mfsa2015-84.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
https://bugzilla.mozilla.org/show_bug.cgi?id=1171518	Issue Tracking
https://security.gentoo.org/glsa/201605-06
https://www.exploit-db.com/exploits/37925/
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html	Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://www.mozilla.org/security/announce/2015/mfsa2015-84.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
https://bugzilla.mozilla.org/show_bug.cgi?id=1171518	Issue Tracking
https://security.gentoo.org/glsa/201605-06
https://www.exploit-db.com/exploits/37925/

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:38.0:::::::*
	cpe:2.3:a:mozilla:firefox:38.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:38.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 3 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:31

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html - Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html - Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html - Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html - Third Party Advisory
References	~~() http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html -~~	() http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html -~~	() http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html -
References	~~() http://www.mozilla.org/security/announce/2015/mfsa2015-84.html - Vendor Advisory~~	() http://www.mozilla.org/security/announce/2015/mfsa2015-84.html - Vendor Advisory
References	~~() http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory~~	() http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory
References	~~() http://www.securitytracker.com/id/1033247 -~~	() http://www.securitytracker.com/id/1033247 -
References	~~() http://www.securitytracker.com/id/1033372 -~~	() http://www.securitytracker.com/id/1033372 -
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=1171518 - Issue Tracking~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=1171518 - Issue Tracking
References	~~() https://security.gentoo.org/glsa/201605-06 -~~	() https://security.gentoo.org/glsa/201605-06 -
References	~~() https://www.exploit-db.com/exploits/37925/ -~~	() https://www.exploit-db.com/exploits/37925/ -

22 Oct 2024, 13:42

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mozilla:firefox_esr:38.0.5:::::::* cpe:2.3:a:mozilla:firefox_esr:38.1.0:::::::* cpe:2.3:a:mozilla:firefox_esr:38.0.1:::::::* cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*	cpe:2.3:a:mozilla:firefox:38.0:::::::* cpe:2.3:a:mozilla:firefox:38.0.1:::::::* cpe:2.3:a:mozilla:firefox:38.0.5:::::::* cpe:2.3:a:mozilla:firefox:38.1.0:::::::*

Information

Published : 2015-08-16 01:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-4481

Mitre link : CVE-2015-4481

CVE.ORG link : CVE-2015-4481

JSON object : View

Products Affected

oracle

solaris

opensuse

opensuse

microsoft

windows

mozilla

firefox

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

3.3 /10