Home

CVE-2015-4481

Description

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

Risk Information

Base Score
7.0
MODERATE
Vector
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.164

Associated Vulnerability

VulnerabilityOS Platform
Update for SeaMonkey (2.35)Windows
Update for Mozilla Firefox (40.0)Windows
Update for Mozilla Firefox (40.0.2)Windows
Update for Mozilla Firefox (40.0.3)Windows
Update for Mozilla Firefox ESR (38.2.1)Windows
Update for Mozilla Thunderbird (38.2.0)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-301494Update for SeaMonkey (2.35)
PATCH-302181Update for Mozilla Firefox (40.0)
PATCH-302182Update for Mozilla Firefox (40.0.2)
PATCH-302183Update for Mozilla Firefox (40.0.3)
PATCH-302284Update for Mozilla Firefox ESR (38.2.1)
PATCH-302489Update for Mozilla Thunderbird (38.2.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234