CVE-2021-29952

CWE-362Race ConditionCWE-3678 documents8 sources
Severity
7.5HIGH
EPSS
0.3%
top 51.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla FirefoxMozilla Firefox FOR Android
Timeline
PublishedJun 24
Latest updateMay 24

Description

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

CVEListV5mozilla/firefox_for_androidunspecified88.1.3
CVEListV5mozilla/firefoxunspecified88.0.1
NVDmozilla/firefox< 88.0.1+1
Ubuntufirefox< 88.0.1+build1-0ubuntu0.18.04.2+1

🔴Vulnerability Details

3
GHSA
GHSA-37c3-xqfq-pgfj: When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have bee2022-05-24
CVEList
CVE-2021-29952: When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have bee2021-06-24
OSV
CVE-2021-29952: When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have bee2021-05-07

📋Vendor Advisories

4
Ubuntu
Firefox vulnerability2021-05-10
Red Hat
Mozilla: Race condition in Web Render Components2021-05-05
Debian
CVE-2021-29952: firefox - When Web Render components were destructed, a race condition could have caused u...2021
Mozilla
Mozilla Foundation Security Advisory 2021-20: CVE-2021-29952
CVE-2021-29952 (HIGH CVSS 7.5) | When Web Render components were des | cvebase.io