Denial of Service and Arbitrary Code Execution via Crafted Java Applet in Mozilla Firefox

Denial of Service and Arbitrary Code Execution via Crafted Java Applet in Mozilla Firefox

CVE-2015-7196 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.

Learn more about our Web Application Penetration Testing UK.