PT-2015-2167 · Mozilla+1 · Firefox+2

Holger Fuhrmannek

Publicado

2015-09-22

Atualizado

2024-12-12

CVE-2015-4505

CVSS v2.0

6.6

Média

Vetor

AV:L/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 41.0 Firefox ESR versions prior to 38.3

Description The issue is related to insufficient access control to files in the updater.exe component of Firefox and Firefox ESR browsers. This can be exploited by a local attacker to read arbitrary files during the software update process. Additionally, it allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.

Recommendations For Mozilla Firefox versions prior to 41.0, update to version 41.0 or later. For Firefox ESR versions prior to 38.3, update to version 38.3 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2015-11513

CVE-2015-4505

OPENSUSE-SU-2015_1658-1

OPENSUSE-SU-2015_1679-1

OPENSUSE-SU-2015_1681-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:10230-1

OPENSUSE-SU-2024:14572-1

Produtos afetados

Firefox

Firefox Esr

Suse

PT-2015-2167 · Mozilla+1 · Firefox+2

CVE-2015-4505

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2152