Ekr

**Name of the Vulnerable Software and Affected Versions** Mozilla Network Security Services (NSS) versions prior to 3.21 Mozilla Firefox versions prior to 44.0 **Description** A use-after-free issue in the ssl3 HandleECDHServerKeyExchange function allows remote attackers to cause a denial of service or possibly have other impacts by making an SSL handshake at a time of high memory consumption. This can occur during (1) DHE or (2) ECDHE handshake. **Recommendations** For Mozilla Network Security Services (NSS) versions prior to 3.21, update to version 3.21 or later. For Mozilla Firefox versions prior to 44.0, update to version 44.0 or later.