Double Free Vulnerability in Mozilla Firefox 36.0 and earlier: Remote Code Execution and Denial of Service

Double Free Vulnerability in Mozilla Firefox 36.0 and earlier: Remote Code Execution and Denial of Service

CVE-2015-0828 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.