PT-2015-1143 · Mozilla+2 · Firefox+2

Robert Kaiser · Published 2015-04-20 · Updated 2024-12-12 · CVE-2015-2706

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 37.0.2

Description: The issue is related to a race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent function. This allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted plugin that does not properly complete initialization.

Recommendations: For versions prior to 37.0.2, update to version 37.0.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of plugins that do not properly complete initialization until a patch is available. Restrict access to potentially vulnerable plugins to minimize the risk of exploitation.

Exploit · Fix · RCE · DoS · Race Condition

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1406
ALT-PU-2015-1464
BDU:2015-10028
CVE-2015-2706
MGASA-2015-0342
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
USN-2571-1

Affected Products

Alt Linux
Firefox
Ubuntu