firefox is vulnerable to denial of service. The vulnerability exists due to a use-after-free that occur when an HTTP2 session object was released on a different thread.
bugzilla.mozilla.org/show_bug.cgi?id=1667102
lists.debian.org/debian-lts-announce/2021/12/msg00030.html
lists.debian.org/debian-lts-announce/2022/01/msg00001.html
security-tracker.debian.org/tracker/CVE-2021-43535
www.debian.org/security/2021/dsa-5026
www.debian.org/security/2022/dsa-5034
www.mozilla.org/security/advisories/mfsa2021-43/
www.mozilla.org/security/advisories/mfsa2021-49/
www.mozilla.org/security/advisories/mfsa2021-50/