Endpoint Vulnerability

Use-after-free in NSS during SSL connections in low memory

Description

Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.

Affected Products

Firefox

References

CVE-2016-1978,