Test ID:	1.3.6.1.4.1.25623.1.2.1.2015.100
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2015-100) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Arbitrary file manipulation by local user through Mozilla updater Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run, the updater can be manipulated to load the updated files from a working directory under user control in concert with junctions. When the updates are run by the Mozilla Maintenance Service on Windows, these malicious files can be run with elevated privileges and be used to replace arbitrary files on the system. This could allow for arbitrary code execution by a malicious user with local system access but does not allow for exploitation by web content. Affected Software/OS: Firefox version(s) below 41. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 6.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4505 http://www.securitytracker.com/id/1033640 SuSE Security Announcement: openSUSE-SU-2015:1658 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html SuSE Security Announcement: openSUSE-SU-2015:1679 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html SuSE Security Announcement: openSUSE-SU-2015:1681 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.