CVE-2019-17021

MEDIUM Year: 2019
CVSS v3 Score
5.3
Medium
CVSS v2 Score
2.6
Low
Weakness Type
CWE-362
View all →

Vulnerability Description

During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

Related Vulnerabilities

CVE-2010-5153

MEDIUM
CVSS:5.3(Medium)

Race condition in Avira Premium Security Suite 10.0.0.536 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler ...

CWE-3622010

CVE-2010-5164

MEDIUM
CVSS:5.3(Medium)

Race condition in KingSoft Personal Firewall 9 Plus 2009.05.07.70 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a ...

CWE-3622010

CVE-2016-1670

MEDIUM
CVSS:5.3(Medium)

Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make...

CWE-3622016

CVE-2016-3106

MEDIUM
CVSS:5.3(Medium)

Pulp before 2.8.3 creates a temporary directory during CA key generation in an insecure manner.

CWE-3622016

CVE-2016-4247

MEDIUM
CVSS:5.3(Medium)

Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via...

CWE-3622016

CVE-2017-14748

MEDIUM
CVSS:5.3(Medium)

Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific ti...

CWE-3622017