Race Condition Vulnerability in Mozilla Firefox and Firefox for Android
CVE-2021-29952

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox For Android
Vendor: CVE Published:; 24 June 2021

Summary

A race condition in the Web Render components of Mozilla Firefox and Firefox for Android may lead to undefined behavior upon destruction. This flaw could potentially be exploited to execute arbitrary code under certain conditions, particularly affecting users on versions prior to 88.0.1 for Firefox and prior to 88.1.3 for Firefox for Android.

Affected Version(s)

Firefox < 88.0.1

Firefox for Android < 88.1.3

References

https://www.mozilla.org/security/advisories/mfsa2021-20/

x_refsource_MISC

https://bugzilla.mozilla.org/show_bug.cgi?id=1704227

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 24, 2021
Vulnerability Reserved
Apr 1, 2021