
Tim Taubert

#30081 of 53,624
8.8 Total CVSS
Vulnerabilities · 1
PT-2016-1438
8.8
2016-03-08
Mozilla · Network Security Services · CVE-2016-1979
**Name of the Vulnerable Software and Affected Versions**

Network Security Services (NSS) versions prior to 3.21.1

Mozilla Firefox versions prior to 45.0

**Description**

The issue is related to a use-after-free vulnerability in the `PK11_ImportDERPrivateKeyInfoAndReturnKey` function. This vulnerability can be exploited by a remote attacker using specially crafted key data with DER encoding, potentially leading to a denial of service or other unspecified impacts.

**Recommendations**

For Network Security Services (NSS) versions prior to 3.21.1, update to version 3.21.1 or later.

For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later.

As a temporary workaround, consider restricting the use of the `PK11_ImportDERPrivateKeyInfoAndReturnKey` function until a patch is available.