Mozilla · Network Security Services · CVE-2018-12384
**Name of the Vulnerable Software and Affected Versions**
Network Security Services (NSS) versions prior to 3.39
**Description**
NSS generates values incorrectly when handling SSLv2-compatible ClientHello requests, which results in full malleability of the SSLv2-compatible ClientHello used for TLS 1.2. A remote attacker can exploit this to gain unauthorized access to protected information, potentially compromising the confidentiality and integrity of the data. TLS 1.3 is not affected.
**Recommendations**
For versions prior to 3.39, update to version 3.39 or later to resolve the issue.
As a temporary workaround, consider restricting the use of SSLv2-compatible ClientHello requests until the update can be applied.
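
Before restricting SSLv2-compatible ClientHello requests, it helps to know which clients still send them. The following is an added example, not part of the advisory or of NSS: it classifies a connection's first bytes using the wire layout in RFC 5246 Appendix E.2, and all function names, client labels and sample bytes are constructed for illustration.

```python
import struct

def classify_first_flight(data: bytes) -> dict:
    """Classify the first bytes a client sends to a TLS listener."""
    # Ordinary TLS record: ContentType 22 (handshake), major version 3,
    # 2-byte length, then HandshakeType 1 (client_hello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return {"format": "tls-record", "record_version": (data[1], data[2])}
    # SSLv2-compatible hello: 2-byte header with the high bit set, then
    # msg_type 1, version, and three 16-bit length fields.
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBHHH", data[3:11])
        well_formed = (
            rec_len == 9 + cs_len + sid_len + ch_len  # 9 fixed bytes after header
            and len(data) >= 2 + rec_len
            and cs_len > 0 and cs_len % 3 == 0        # 3-byte cipher specs
            and sid_len == 0                          # zero when offering TLS
            and 16 <= ch_len <= 32                    # permitted challenge sizes
        )
        if well_formed:
            return {"format": "sslv2-compatible", "offered_version": (major, minor),
                    "challenge_len": ch_len}
    return {"format": "other"}

def v2_compatible_clients(first_flights: dict) -> list:
    """Return the client labels whose first flight is an SSLv2-compatible hello."""
    return sorted(c for c, raw in first_flights.items()
                  if classify_first_flight(raw)["format"] == "sslv2-compatible")

# Constructed sample inputs (not captured traffic).
_SPECS = bytes.fromhex("00002f000035")   # two TLS suites as 3-byte cipher specs
_CHALLENGE = bytes(range(32))            # placeholder 32-byte challenge
_BODY = b"\x01\x03\x03" + struct.pack(">HHH", len(_SPECS), 0, 32) + _SPECS + _CHALLENGE
V2_HELLO = struct.pack(">H", 0x8000 | len(_BODY)) + _BODY
TLS_HELLO = bytes.fromhex("1603010005") + bytes.fromhex("0100000100")
SAMPLES = {"legacy-client": V2_HELLO, "modern-client": TLS_HELLO,
           "http-probe": b"GET / HTTP/1.1\r\n"}

if __name__ == "__main__":
    print(v2_compatible_clients(SAMPLES))
```

Clients reported by `v2_compatible_clients` are the ones a restriction would affect; an `offered_version` of `(3, 3)` means the hello is offering TLS 1.2, the case this advisory covers.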