HTTP/2 Implementation Denial of Service Vulnerability in Mozilla Firefox

HTTP/2 Implementation Denial of Service Vulnerability in Mozilla Firefox

CVE-2015-7219 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation.

Learn more about our Cis Benchmark Audit For Mozilla Firefox.