Francis Gabriel

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.4 **Description** The issue is related to the code-signing subsystem, which does not properly verify file ownership. This allows local users to determine the existence of arbitrary files via unspecified vectors. The vulnerability is associated with incorrect file owner verification, enabling a local attacker to exploit it and determine the presence of arbitrary files. **Recommendations** For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Network Security Services (NSS) versions 3.19.2.3 and earlier, 3.20.x, and 3.21.x before 3.21.1 Mozilla Firefox versions prior to 45.0 Firefox ESR 38.x versions prior to 38.7 **Description** The issue is caused by a heap-based buffer overflow in the Network Security Services (NSS) library, allowing remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. This can be exploited by a remote attacker using specially formed ASN.1 data. **Recommendations** For Mozilla Network Security Services (NSS) versions 3.19.2.3 and earlier, 3.20.x, and 3.21.x before 3.21.1, update to version 3.19.2.3 or later, or 3.21.1 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR 38.x versions prior to 38.7, update to version 38.7 or later.