CVE-2015-4481: Race Condition
First published: Sun Aug 16 2015(Updated: )
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Mozilla Firefox | <=39.0.3 | |
| Mozilla Firefox | =38.0 | |
| Mozilla Firefox | =38.0.1 | |
| Mozilla Firefox | =38.0.5 | |
| Mozilla Firefox | =38.1.0 | |
| Microsoft Windows | ||
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| Oracle Solaris SPARC | =11.3 | |
| Mozilla Firefox | <=39.0.3 | |
| Mozilla Firefox ESR | =38.0 | |
| Mozilla Firefox ESR | =38.0.1 | |
| Mozilla Firefox ESR | =38.0.5 | |
| Mozilla Firefox ESR | =38.1.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-84.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1033247
- http://www.securitytracker.com/id/1033372
- https://bugzilla.mozilla.org/show_bug.cgi?id=1171518
- https://security.gentoo.org/glsa/201605-06
- https://www.exploit-db.com/exploits/37925/
Frequently Asked Questions
What is the severity of CVE-2015-4481?
CVE-2015-4481 is classified as a high severity vulnerability due to its potential to allow local users to gain elevated privileges.
How do I fix CVE-2015-4481?
To fix CVE-2015-4481, update Mozilla Firefox to version 40.0 or later, or use the corresponding patched version of Firefox ESR.
Which versions of Mozilla Firefox are affected by CVE-2015-4481?
CVE-2015-4481 affects Mozilla Firefox versions prior to 40.0 and Firefox ESR versions prior to 38.2.
Is CVE-2015-4481 specific to any operating systems?
Yes, CVE-2015-4481 primarily affects Mozilla Firefox installations on Windows systems.
Can CVE-2015-4481 be exploited remotely?
No, CVE-2015-4481 requires local access to exploit the race condition.
- agent/type
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/weakness
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/39.0.3
- version/mozilla firefox/38.0
- version/mozilla firefox/38.0.1
- version/mozilla firefox/38.0.5
- version/mozilla firefox/38.1.0
- vendor/microsoft
- canonical/microsoft windows
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/oracle
- canonical/oracle solaris sparc
- version/oracle solaris sparc/11.3
- canonical/mozilla firefox esr
- version/mozilla firefox esr/38.0
- version/mozilla firefox esr/38.0.1
- version/mozilla firefox esr/38.0.5
- version/mozilla firefox esr/38.1.0