#VU24059 Race condition in Mozilla Firefox and Firefox ESR - CVE-2019-17021
Published: January 7, 2020 / Updated: January 8, 2020
Vulnerability identifier: #VU24059
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-17021
CWE-ID: CWE-362
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Firefox ESR
Mozilla Firefox
Firefox ESR
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition that occurs during the initialization of a new content process. A remote attacker can exploit the race to gain access to potentially sensitive information, such as heap addresses from the parent process.
Note, this vulnerability affects Windows users only.
Remediation
Install updates from vendor's website.