CWE-583

finalize() Method Declared Public

VariantIncomplete

Description

The product violates secure coding principles for mobile code by declaring a finalize() method public.

A product should never call finalize explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke a finalize() method because it is declared with public access.

Hierarchy (View 1000)

Parents

CWE-668

Children

none

CVEs mapped to this weakness (0)

No CVEs match the current filter.