Multiple Apple Products Multiple Security Vulnerabilities
15 Sep. 2015
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
The information has been provided by Felipe Andres Manzano of the Binamuse VRT, Gaurav Baruah working with HP's Zero Day Initiative, Ian Beer of Google Project Zero, TaiG Jailbreak Team, @beist, @PanguTeam, Stefan Esser.
* Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2
* Mozilla Firefox after 40.0 and Firefox ESR 38.x after 38.2
Multiple Apple products are prone to multiple security vulnerabilities. The update addresses new vulnerabilities that affect CoreGraphics, FontParser, Foundation, IOAcceleratorFamily, IOHIDFamily, Kernel, and libnetcoreCore components. Attackers can exploit these issues to execute arbitrary code, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.