Henry Corrigan-Gibbs

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 60.8 Firefox versions prior to 68 Thunderbird versions prior to 60.8 **Description** The issue is related to an out-of-bounds read in the Network Security Services (NSS) library when importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes. This could lead to information disclosure. **Recommendations** For Firefox ESR versions prior to 60.8, update to version 60.8 or later. For Firefox versions prior to 68, update to version 68 or later. For Thunderbird versions prior to 60.8, update to version 60.8 or later.