During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1599008
https://seclists.org/bugtraq/2020/Jan/18
Source: MITRE
Published: 2020-01-08
Updated: 2020-01-13
Type: CWE-200
Base Score: 2.6
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 4.9
Severity: LOW
Base Score: 5.3
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 1.6
Severity: MEDIUM
ID | Name | Product | Family | Severity |
---|---|---|---|---|
133199 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-94) | Nessus | SuSE Local Security Checks | medium |
132949 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-60) | Nessus | SuSE Local Security Checks | medium |
132921 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0078-1) | Nessus | SuSE Local Security Checks | medium |
132852 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0068-1) | Nessus | SuSE Local Security Checks | medium |
132847 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-010-01) | Nessus | Slackware Local Security Checks | medium |
132774 | Mozilla Thunderbird < 68.4.1 | Nessus | Windows | medium |
132711 | Mozilla Firefox ESR < 68.4 Multiple Vulnerabilities | Nessus | Windows | medium |
132709 | Mozilla Firefox < 72.0 Multiple Vulnerabilities | Nessus | Windows | medium |