nss is vulnerable to remote code execution. The vulnerability exists due to a flaw in the way NSS verifies certificates allowing an attacker to pose as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection.
bugzilla.mozilla.org/show_bug.cgi?id=1737470
cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf
ftp.mozilla.org/pub/security/nss/releases/NSS_3_68_1_RTM/
ftp.mozilla.org/pub/security/nss/releases/NSS_3_73_RTM/
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/community.yaml
secdb.alpinelinux.org/v3.14/community.yaml
secdb.alpinelinux.org/v3.15/community.yaml
security.netapp.com/advisory/ntap-20211229-0002/
www.mozilla.org/security/advisories/mfsa2021-51/
www.oracle.com/security-alerts/cpuapr2022.html
www.starwindsoftware.com/security/sw-20220802-0001/