VDB
CVE-2015-4481
CVE-2015-4481
PUBLISHED
Reported by mozilla · Published August 16, 2015
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Exploit Intelligence
- 37925 (cve.org)
- Mozilla Maintenance Service Log File Overwrite Elevation of Privilege Exploit (0day-today)
Timeline
- Aug 16, 2015 CVE Published
- Aug 21, 2015 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- x_refsource_CONFIRM
- openSUSE-SU-2015:1454 vendor-advisoryx_refsource_SUSE
- openSUSE-SU-2015:1389 vendor-advisoryx_refsource_SUSE
- openSUSE-SU-2015:1453 vendor-advisoryx_refsource_SUSE
- x_refsource_CONFIRM
- 37925 exploitx_refsource_EXPLOIT-DB
- x_refsource_CONFIRM
- 1033247 vdb-entryx_refsource_SECTRACK
- GLSA-201605-06 vendor-advisoryx_refsource_GENTOO
- 1033372 vdb-entryx_refsource_SECTRACK
- openSUSE-SU-2015:1390 vendor-advisoryx_refsource_SUSE