Eric Rescorla

**Name of the Vulnerable Software and Affected Versions** Mozilla Network Security Services (NSS) versions prior to 3.21 Mozilla Firefox versions prior to 44.0 **Description** A use-after-free issue in the ssl3 HandleECDHServerKeyExchange function allows remote attackers to cause a denial of service or possibly have other impacts by making an SSL handshake at a time of high memory consumption. This can occur during (1) DHE or (2) ECDHE handshake. **Recommendations** For Mozilla Network Security Services (NSS) versions prior to 3.21, update to version 3.21 or later. For Mozilla Firefox versions prior to 44.0, update to version 44.0 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 28.0.1500.71 **Description** The issue is related to insufficient entropy for renderer processes, which could make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components. **Recommendations** For versions prior to 28.0.1500.71, update to version 28.0.1500.71 or later to resolve the issue.