CVE-2015-4505

Description

updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.

Risk Information

Base Score

7.1

MODERATE

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

EPSS Score

Exploitation Probability

0.105

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox (41.0)	Windows
Update for Mozilla Firefox (41.0.1)	Windows
Update for Mozilla Firefox (41.0.2)	Windows
Update for Mozilla Firefox ESR (38.3.0)	Windows
Update for Mozilla Thunderbird (38.3.0)	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.1.0	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.1.0	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.0	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.0.1	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.0.5	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.1.1	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.2.0	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 38.2.1	Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 40.0.3	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.0	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.0.1	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.0.5	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.1.1	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.2.0	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 38.2.1	Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 40.0.3	Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-302184	Update for Mozilla Firefox (41.0)
PATCH-302185	Update for Mozilla Firefox (41.0.1)
PATCH-302186	Update for Mozilla Firefox (41.0.2)
PATCH-302285	Update for Mozilla Firefox ESR (38.3.0)
PATCH-302898	Update for Mozilla Thunderbird (38.3.0)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234