3.3

CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 39.0.3
   MicrosoftWindows
MozillaFirefox Version38.0
   MicrosoftWindows
MozillaFirefox Version38.0.1
   MicrosoftWindows
MozillaFirefox Version38.0.5
   MicrosoftWindows
MozillaFirefox Version38.1.0
   MicrosoftWindows
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
OracleSolaris Version11.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.8% 0.517
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 3.4 4.9
AV:L/AC:M/Au:N/C:N/I:P/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
https://security.gentoo.org/glsa/201605-06
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
http://www.mozilla.org/security/announce/2015/mfsa2015-84.html
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1171518
Issue Tracking
https://www.exploit-db.com/exploits/37925/