Martin Thomson discovered that nss, the Mozilla Network Security Service library, is prone to a use-after-free vulnerability in the TLS 1.2 implementation when handshake hashes are generated. A remote attacker can take advantage of this flaw to cause an application using the nss library to crash, resulting in a denial of service, or potentially to execute arbitrary code.
CVE: (none) => CVE-2017-7805
https://advisories.mageia.org/CVE-2017-7805.html *** This bug has been marked as a duplicate of bug 21785 ***
Resolution: (none) => DUPLICATEStatus: NEW => RESOLVED