Robert Kaiser

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 37.0.2 **Description** The issue is related to a race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function. This allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization. **Recommendations** For versions prior to 37.0.2, update to version 37.0.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of plugins that do not properly complete initialization until a patch is available. Restrict access to potentially vulnerable plugins to minimize the risk of exploitation.