Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMozillaCVE-2015-4505
HistorySep 24, 2015 - 4:59 a.m.

CVE-2015-4505

2015-09-2404:59:08
CWE-264
mozilla
web.nvd.nist.gov
40
cve-2015-4505
mozilla firefox
updater.exe
vulnerability
windows
local users
arbitrary files
junction attack
mozilla maintenance service

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

5.1%

JSON

updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.

Affected configurations

Nvd
Node
mozillafirefox_esrMatch38.0
OR
mozillafirefox_esrMatch38.0.1
OR
mozillafirefox_esrMatch38.0.5
OR
mozillafirefox_esrMatch38.1.0
OR
mozillafirefox_esrMatch38.1.1
OR
mozillafirefox_esrMatch38.2.0
OR
mozillafirefox_esrMatch38.2.1
AND
microsoftwindows
Node
mozillafirefoxRange40.0.3
AND
microsoftwindows
VendorProductVersionCPE
mozillafirefox_esr38.0cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
mozillafirefox_esr38.0.1cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
mozillafirefox_esr38.0.5cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
mozillafirefox_esr38.1.0cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
mozillafirefox_esr38.1.1cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
mozillafirefox_esr38.2.0cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
mozillafirefox_esr38.2.1cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Related

ubuntucve 1
mozilla 1
prion 1
nvd 1
cvelist 1
openvas 6
nessus 6
suse 3
freebsd 1
securityvulns 1
kaspersky 1
ubuntucve
ubuntucve
CVE-2015-4505
2015-09-24 00:00:00
mozilla
mozilla
Arbitrary file manipulation by local user through Mozilla updater — Mozilla
2015-09-22 00:00:00
prion
prion
Code injection
2015-09-24 04:59:00
nvd
nvd
CVE-2015-4505
2015-09-24 04:59:08
cvelist
cvelist
CVE-2015-4505
2015-09-24 01:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-100) - Linux
2021-11-11 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities (Sep 2015) - Windows
2015-09-29 00:00:00
openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2015:1679-1)
2015-10-06 00:00:00
nessus
nessus
openSUSE Security Update : MozillaThunderbird (openSUSE-2015-631)
2015-10-06 00:00:00
Firefox ESR < 38.3 Multiple Vulnerabilities
2015-09-22 00:00:00
openSUSE Security Update : seamonkey (openSUSE-2015-632)
2015-10-06 00:00:00
suse
suse
Security update for MozillaThunderbird (important)
2015-10-05 18:09:37
Security update for seamonkey (important)
2015-10-05 18:10:25
Security update for MozillaFirefox (important)
2015-10-01 10:09:18
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-09-22 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-10-19 00:00:00
kaspersky
kaspersky
KLA10672 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-09-22 00:00:00

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

5.1%

JSON
Related for CVE-2015-4505
ubuntucve1mozilla1prion1nvd1cvelist1openvas6nessus6suse3freebsd1securityvulns1kaspersky1