It has been reported NSS servers can be remotely crashed by sending some invalid key data. Based on the stack provided in the bug report, the reason for the crash seems to be an omitted NULL check, where the implementation assumes that a parameter can never be NULL (the latest version of NSS still has the same code). In this particular scenario, the crashing function PK11_SignWithSymKey was called from ssl3_ComputeRecordMACConstantTime.
*** This bug has been marked as a duplicate of bug 1383883 ***