PT-2020-6715 · Mozilla+2 · Firefox+2

Thomas Imbert

Published

2020-01-07

Updated

2024-06-15

CVE-2019-17021

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 68.4 Firefox versions prior to 72

Description A race condition occurs during the initialization of a new content process, potentially allowing a content process to disclose heap addresses from the parent process. This issue is specific to Windows and does not affect other operating systems. The vulnerability is related to synchronization errors when using shared resources, which could allow a remote attacker to disclose protected information.

Recommendations For Firefox ESR versions prior to 68.4, update to version 68.4 or later. For Firefox versions prior to 72, update to version 72 or later.

Exploit

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2020-1013

ALT-PU-2020-1032

ALT-PU-2020-1110

ALT-PU-2020-1166

ALT-PU-2020-1515

ALT-PU-2020-1617

BDU:2022-05738

CVE-2019-17021

OPENSUSE-SU-2020:0060-1

OPENSUSE-SU-2020:0094-1

OPENSUSE-SU-2020_0060-1

OPENSUSE-SU-2020_0094-1

OPENSUSE-SU-2024:10601-1

SUSE-SU-2020:0068-1

SUSE-SU-2020:0078-1

SUSE-SU-2020:0142-1

SUSE-SU-2020:14268-1

Affected Products

Alt Linux

Firefox

Suse

PT-2020-6715 · Mozilla+2 · Firefox+2

CVE-2019-17021

Weakness Enumeration

Related Identifiers

Affected Products

References · 438