Jonas Allmann

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 60.8 Firefox versions prior to 68 Thunderbird versions prior to 60.8 **Description** The issue is related to the handling of p256-ECDH public keys, where empty or malformed keys may cause a segmentation fault due to improper sanitization before being used in memory. This can potentially allow a remote attacker to cause a denial of service. **Recommendations** For Firefox ESR versions prior to 60.8, update to version 60.8 or later. For Firefox versions prior to 68, update to version 68 or later. For Thunderbird versions prior to 60.8, update to version 60.8 or later.