The host is installed with Mozilla Firefox before 45.0 or Mozilla Thunderbird 38.x before 38.8 and is prone to an use-after-free vulnerability. A flaw is present in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS), which fails to handle a crafted key data with DER encoding. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified other impact.