CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
92.6%
The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote
attackers to cause a denial of service (integer underflow, assertion
failure, and application exit) via a malformed PushPromise frame that
triggers decompressed-buffer length miscalculation and incorrect memory
allocation.