Stuart Larsen

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 **Description** The issue is related to the HTTP/2 implementation, which allows remote attackers to cause a denial of service due to an integer underflow, assertion failure, and application exit. This can be triggered by a malformed PushPromise frame that causes decompressed-buffer length miscalculation and incorrect memory allocation. **Recommendations** For versions prior to 43.0, update to version 43.0 or later to resolve the issue. As a temporary workaround, consider disabling HTTP/2 support until a patch is available. Restrict access to untrusted websites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 43.0 **Description** The issue is related to the HTTP/2 implementation, which allows remote attackers to cause a denial of service due to an integer underflow. This underflow triggers an assertion failure and application exit when a single-byte header frame is sent, causing incorrect memory allocation. **Recommendations** For versions prior to 43.0, update to version 43.0 or later to resolve the issue.