Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-4481Race Condition in Mozilla Firefox

CWE-362Race Condition5 documents5 sources
Severity
3.3LOWNVD
EPSS
0.2%
top 62.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Mozilla FirefoxOpensuseOracle Solaris
Timeline
PublishedAug 16
Latest updateMay 14

Description

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages3 packages

NVDmozilla/firefox39.0.3+4
NVDoracle/solaris11.3
NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

3
GHSA
GHSA-fpjx-8wc2-5w5g: Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 402022-05-14
Project0
Between a Rock and a Hard Link - Project Zero2015-12-01
CVEList
CVE-2015-4481: Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 402015-08-16

💥Exploits & PoCs

1
Exploit-DB
Mozilla - Maintenance Service Log File Overwrite Privilege Escalation2015-08-21
CVE-2015-4481 — Race Condition in Mozilla Firefox | cvebase