Mozilla Foundation Security Advisory 2016-15
Use-after-free in NSS during SSL connections in low memory
- Announced
- January 26, 2016
- Reporter
- Eric Rescorla
- Impact
- Moderate
- Products
- Firefox, Firefox ESR, NSS
- Fixed in
-
- Firefox 44
- Firefox ESR 38.8
- NSS 3.19.2.4
- NSS 3.21
Description
Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.