Endpoint Vulnerability

Arbitrary file overwriting through Mozilla Maintenance Service with hard links

Description

James Forshaw, a security researcher with Google Project Zero, reported that the Mozilla Maintenance Service on Windows can be made to write its log file in a restricted location with an arbitrary file name through the use of a hard link by means of a race condition. This can allow the log file to overwrite another named file that the user would not have the privileges to change. If the overwritten file is used as source input or as a script by a program with elevated privileges, this could allow an escalation of privilege attack. Exploitation requires local file system access and the ability to execute local programs.
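One defensive pattern against the hard-link condition described above, shown as an added example (it is not Mozilla's fix and not code from this advisory): a privileged logger opens the path without truncating, then inspects the opened handle and refuses to write if the file has more than one name. The names `open_log_safely`, `UnsafeLogTarget` and `demo`, and the sample files, are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

class UnsafeLogTarget(Exception):
    """The opened log file is not a plain, singly-named file."""

def open_log_safely(path):
    # No O_TRUNC: nothing is destroyed before the checks below have passed.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        # fstat inspects the object actually opened, so swapping the path
        # between a check and the open (the race) cannot change the answer.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeLogTarget(f"{path}: not a regular file")
        if st.st_nlink != 1:
            raise UnsafeLogTarget(f"{path}: {st.st_nlink} hard links")
    except Exception:
        os.close(fd)
        raise
    return fd

def demo():
    """Constructed scenario in a temp dir; returns (refused, intact, wrote)."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.cfg")
        with open(protected, "w") as f:
            f.write("original")
        linked_log = os.path.join(d, "linked.log")
        os.link(protected, linked_log)  # log name is a second name for the file
        try:
            os.close(open_log_safely(linked_log))
            refused = False
        except UnsafeLogTarget:
            refused = True
        with open(protected) as f:
            intact = f.read() == "original"
        fd = open_log_safely(os.path.join(d, "fresh.log"))
        wrote = os.write(fd, b"started\n") == 8
        os.close(fd)
        return refused, intact, wrote

if __name__ == "__main__":
    print(demo())
```

On Windows the same per-handle link count is exposed as `nNumberOfLinks` by `GetFileInformationByHandle`.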

Affected Products

SeaMonkey

References

CVE-2015-4481