Mozilla Firefox CVE-2015-4481 Race Condition Vulnerability

description-logoDescription

Security researcher James Forshaw, security researcher with Google Project Zero, reported that the Mozilla Maintenance Service on Windows can be made to write its log file in a restricted location with an arbitrary file name through the use of a hard link by means of a race condition. This can allow the log file to overwrite another named file that a user would not have the privileges to change. If the overwritten file is used as source input or script by a program with elevated privileges, it could allow for an escalation of privilege attack. This requires local file system access and the ability to execute local programs to be exploitable.

affected-products-logoAffected Applications

Firefox
Firefox ESR

CVE References

CVE-2015-4481