Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

Published

2015-08-16T01:59:08.877

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:N/I:P/A:P

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.4

Impact Score

4.9

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	≤ 39.0.3	Yes
Application	mozilla	firefox	38.0	Yes
Application	mozilla	firefox	38.0.1	Yes
Application	mozilla	firefox	38.0.5	Yes
Application	mozilla	firefox	38.1.0	Yes
Operating System	microsoft	windows	*	No
Operating System	opensuse	opensuse	13.1	Yes
Operating System	opensuse	opensuse	13.2	Yes
Operating System	oracle	solaris	11.3	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html ([email protected])
http://www.mozilla.org/security/announce/2015/mfsa2015-84.html Vendor Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory ([email protected])
http://www.securitytracker.com/id/1033247 ([email protected])
http://www.securitytracker.com/id/1033372 ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=1171518 Issue Tracking ([email protected])
https://security.gentoo.org/glsa/201605-06 ([email protected])
https://www.exploit-db.com/exploits/37925/ ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2015/mfsa2015-84.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033247 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033372 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1171518 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201605-06 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/37925/ (af854a3a-2127-422b-91ae-364da2661108)