PT-2015-2167 · Mozilla+1 · Firefox+2

Holger Fuhrmannek · Published 2015-09-22 · Updated 2024-12-12 · CVE-2015-4505

CVSS v2.0: 6.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 41.0
Firefox ESR versions prior to 38.3

Description

The issue is related to insufficient access control to files in the updater.exe component of Firefox and Firefox ESR browsers. This can be exploited by a local attacker to read arbitrary files during the software update process. Additionally, it allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.

Recommendations

For Mozilla Firefox versions prior to 41.0, update to version 41.0 or later.
For Firefox ESR versions prior to 38.3, update to version 38.3 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-11513
CVE-2015-4505
OPENSUSE-SU-2015_1658-1
OPENSUSE-SU-2015_1679-1
OPENSUSE-SU-2015_1681-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1

Affected Products

Firefox
Firefox ESR
SUSE