Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.
This issue has been addressed in the NSS releases shipping on affected Mozilla products:
Projects using NSS 3.21 should update the new 3.21.1 release.