[414124] RSA signature malleability in NSS (CVE-2014-1568). Thanks to

Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith and Advanced Threat Research team at Intel Security