HTTP/2 200
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-backend-server: bedrock-5bfdbb6f5f-974bk.gcp-us-west1
strict-transport-security: max-age=31536000
content-language: en-US
expires: Fri, 10 Oct 2025 07:13:26 GMT
etag: "64258a3d281782b82b662592ab0ca833"
x-frame-options: DENY
x-clacks-overhead: GNU Terry Pratchett
cache-control: max-age=600
server: granian
content-security-policy-report-only: base-uri 'none'; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; object-src 'none'; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; default-src 'self' *.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; style-src 'self' www.mozilla.org; font-src 'self' www.mozilla.org; frame-ancestors 'none'; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/
content-type: text/html; charset=utf-8
content-security-policy: base-uri 'none'; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; object-src 'none'; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; default-src 'self' *.mozilla.org; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; style-src 'self' 'unsafe-inline' www.mozilla.org; font-src 'self' www.mozilla.org; frame-ancestors 'none'; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/
x-content-type-options: nosniff
content-encoding: gzip
accept-ranges: bytes
age: 0
date: Fri, 10 Oct 2025 07:03:27 GMT
x-served-by: cache-bom-vanm7210088-BOM, cache-bom-vanm7210094-BOM
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1760079807.804203,VS0,VE383
vary: Accept-Encoding
content-length: 7215
JavaScript garbage collection crash with Java applet — Mozilla
Help us improve your Mozilla experience
In addition to Cookies necessary for this site to function, we’d like your permission to set some additional Cookies to better understand your browsing needs and improve your experience. Rest assured — we value your privacy.
Accept All Additional Cookies
Reject All Additional Cookies
Cookie settings
Mozilla Foundation Security Advisory 2015-130
JavaScript garbage collection crash with Java applet
Announced
November 3, 2015
Reporter
Vytautas Staraitis
Impact
High Products
Firefox, Firefox ESR
Fixed in
Firefox 42
Firefox ESR 38.4
Description
Mozilla community member Vytautas Staraitis reported an issue with the
interaction of Java applets and JavaScript. The Java plugin can deallocate a JavaScript
wrapper when it is still in use, which leads to a JavaScript garbage collection crash.
This crash is potentially exploitable.
This issue only affects systems where Java is installed and enabled as a
browser plugin. Other systems are unaffected.
References
