A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.
https://bugzilla.redhat.com/show_bug.cgi?id=1622089
https://www.cve.org/CVERecord?id=CVE-2018-12384
https://nvd.nist.gov/vuln/detail/CVE-2018-12384
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes