Martin Thomson

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 56 Mozilla Firefox ESR versions prior to 52.4 Thunderbird versions prior to 52.4 **Description** The issue is related to a use-after-free error in the implementation of the TLS 1.2 protocol. This occurs when the handshake transcript exceeds the available space in the current buffer, causing the allocation of a new buffer and leaving a pointer to the old, freed buffer. As a result, a use-after-free error happens when handshake hashes are calculated, potentially leading to a crash. **Recommendations** For Mozilla Firefox versions prior to 56, update to version 56 or later to resolve the issue. For Mozilla Firefox ESR versions prior to 52.4, update to version 52.4 or later to resolve the issue. For Thunderbird versions prior to 52.4, update to version 52.4 or later to resolve the issue.