There's a serious vulnerability in NSS: "An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled."
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767 Apparently it is fixed in NSS, but they don't seem to say in which version: https://www.mozilla.org/en-US/security/known-vulnerabilities/nss/ Help wanted to fix this bug!
