Fernando Ribeiro

**Name of the Vulnerable Software and Affected Versions** libnss3 versions (affected versions not specified) libnspr4 versions (affected versions not specified) libnspr-dev versions (affected versions not specified) libnss-dev versions (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the libnss3, libnspr4, libnspr-dev, and libnss-dev packages of the Debian GNU/Linux operating system. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. In the context of Firefox, a double free vulnerability in the getRawDER function for nsIX509Cert allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain JavaScript code. **Recommendations** For libnss3, consider updating to a version that includes the necessary security patches. For libnspr4, restrict access to vulnerable functions until a patch is available. For libnspr-dev, avoid using the vulnerable package until the issue is resolved. For libnss-dev, as a temporary workaround, consider disabling the vulnerable components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.