During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html | Exploit Third Party Advisory VDB Entry |
https://bugzilla.mozilla.org/show_bug.cgi?id=1599008 | Exploit Issue Tracking Permissions Required |
https://seclists.org/bugtraq/2020/Jan/18 | Mailing List Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2020-01/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2020-02/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2020-01-08T21:29:40
Updated: 2020-01-22T18:06:16
Reserved: 2019-09-30T00:00:00
Link: CVE-2019-17021
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-08T22:15:12.653
Modified: 2022-01-01T20:02:27.457
Link: CVE-2019-17021
JSON object: View
Redhat Information
No data.
CWE