NSS and NSPR memory corruption issues
Mozilla engineers Tyson Smith and David Keeler reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security Services (NSS). These issues were in octet string parsing and were found through fuzzing and code inspection. If these issues were triggered, they would lead to a potentially exploitable crash. These issues were fixed in NSS version 18.104.22.168 and 3.19.4, shipped in Firefox and Firefox ESR, respectively, as well as NSS 3.20.1.