Kaspar Brand discovered that Mozilla"s Network Security Services library did insufficient length checking in the QuickDER decoder, allowing to crash a program using the library.