Failing to declare a class final can enable which of the following attacks on a developer’s code?

A.
Session hijacking via compromised session cookies

B.
Decompilation of java class files (including those in APK files), revealing sensitive data

C.
Attacker can use data injection (e.g., SQL injection, Cross-site scripting) to corrupt data in the
application or the DOM

D.
Attacker can potentially extend a class and define new methods that access sensitive data from
inside the scope of the class

Explanation: