diff --git a/SOURCES/Free-dangling-reference.patch b/SOURCES/Free-dangling-reference.patch
new file mode 100644
index 0000000..b2d3554
--- /dev/null
+++ b/SOURCES/Free-dangling-reference.patch
@@ -0,0 +1,29 @@
+diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
+--- a/lib/pk11wrap/pk11cert.c
++++ b/lib/pk11wrap/pk11cert.c
+@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT
+ 	cert->istemp = PR_FALSE;
+ 	cert->isperm = PR_TRUE;
+     }
+ 
+     /* add the new instance to the cert, force an update of the
+      * CERTCertificate, and finish
+      */
+     nssPKIObject_AddInstance(&c->object, certobj);
++    /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
++     * replace 'c' by a different value. So we add a reference to 'c' to
++     * prevent 'c' from being destroyed. */
++    nssCertificate_AddRef(c);
+     nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
++    /* XXX should we pass the original value of 'c' to
++     * STAN_ForceCERTCertificateUpdate? */
+     (void)STAN_ForceCERTCertificateUpdate(c);
++    nssCertificate_Destroy(c);
+     SECITEM_FreeItem(keyID,PR_TRUE);
+     return SECSuccess;
+ loser:
+     CERT_MapStanError();
+     SECITEM_FreeItem(keyID,PR_TRUE);
+     if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
+ 	PORT_SetError(SEC_ERROR_ADDING_CERT);
+     }
diff --git a/SPECS/nss.spec b/SPECS/nss.spec
index 0dc3202..e5acc89 100644
--- a/SPECS/nss.spec
+++ b/SPECS/nss.spec
@@ -20,7 +20,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.15.4
-Release:          6%{?dist}
+Release:          7%{?dist}
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -104,6 +104,9 @@ Patch61:          nss-ecc-list-3.15.3.patch
 Patch62:          dont-hold-issuer-cert-handles-in-crl-cache.patch
 # Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=977673
 Patch63:          dont-disable-internal-module.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=963150
+# Remove when we update to nss-3.16.2
+Patch72: Free-dangling-reference.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -201,6 +204,9 @@ popd
 %patch61 -p0 -b .ecc-lists
 %patch62 -p0 -b .1034409
 %patch63 -p0 -b .1056036
+pushd nss
+%patch72 -p1 -b .dangling
+popd
 
 #########################################################
 # Higher-level libraries and test tools need access to
@@ -763,6 +769,10 @@ fi
 
 
 %changelog
+* Fri Jul 04 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-7
+- Fix race-condition in certificate validation
+- Resolves: Bug 1116201
+
 * Mon Mar 03 2014 Elio Maldonado <emaldona@redhat.com> - 3.15.4-6
 - Disallow disabling the internal module
 - Resolves: Bug 1056036 - nss segfaults with opencryptoki module