CVE-2015-4481

Published: Aug 16, 2015Modified: May 6, 2026

3.3

Vector

AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability: 3.4 / Impact: 4.9

Source: NVD

Description

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

Affected (8)

Products: Mozilla: Firefox · Opensuse: Opensuse · Oracle: Solaris

1 product

1 product

1 product

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 39.0.3
Mozilla Firefox	Version 38.0.1
Mozilla Firefox	Version 38.0.5
Mozilla Firefox	Version 38.0
Mozilla Firefox	Version 38.1.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

Source: security@mozilla.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

Source: security@mozilla.org

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2015/mfsa2015-84.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

Third Party Advisory

http://www.securitytracker.com/id/1033247

Source: security@mozilla.org

http://www.securitytracker.com/id/1033372

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1171518

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201605-06

Source: security@mozilla.org

https://www.exploit-db.com/exploits/37925/

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2015/mfsa2015-84.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securitytracker.com/id/1033247

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1033372

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1171518

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://security.gentoo.org/glsa/201605-06

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/37925/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.