Lucene search

K

PRIOn knowledge basePRION:CVE-2015-4481

HistoryAug 16, 2015 - 1:59 a.m.

Race condition

2015-08-1601:59:00

PRIOn knowledge base

www.prio-n.com

6

6.9 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0005 Low

EPSS

Percentile

14.5%

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

CPENameOperatorVersion
firefoxle39.0.3
firefox_esreq38.0
firefox_esreq38.0.1
firefox_esreq38.0.5
firefox_esreq38.1.0
opensuseeq13.1
opensuseeq13.2
solariseq11.3

References

lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

www.mozilla.org/security/announce/2015/mfsa2015-84.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securitytracker.com/id/1033247

www.securitytracker.com/id/1033372

bugzilla.mozilla.org/show_bug.cgi?id=1171518

security.gentoo.org/glsa/201605-06

www.exploit-db.com/exploits/37925/

6.9 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0005 Low

EPSS

Percentile

14.5%

Related for PRION:CVE-2015-4481

zdt1 ubuntucve1 cve1 mozilla1 cvelist1 googleprojectzero1 kaspersky1 nessus9 openvas4 freebsd1 suse2 ibm1 securityvulns1 gentoo1