Arbitrary File Write Vulnerability in Mozilla Firefox Updater

Arbitrary File Write Vulnerability in Mozilla Firefox Updater

CVE-2015-4505 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:C/A:C

updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.