PT-2016-1466 · Mozilla+4 · Firefox Esr+6

Francis Gabriel

·

Published

2016-03-08

·

Updated

2024-12-12

·

CVE-2016-1950

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions 3.19.2.3 and earlier, 3.20.x, and 3.21.x before 3.21.1 Mozilla Firefox versions prior to 45.0 Firefox ESR 38.x versions prior to 38.7
Description The issue is caused by a heap-based buffer overflow in the Network Security Services (NSS) library, allowing remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. This can be exploited by a remote attacker using specially formed ASN.1 data.
Recommendations For Mozilla Network Security Services (NSS) versions 3.19.2.3 and earlier, 3.20.x, and 3.21.x before 3.21.1, update to version 3.19.2.3 or later, or 3.21.1 or later. For Mozilla Firefox versions prior to 45.0, update to version 45.0 or later. For Firefox ESR 38.x versions prior to 38.7, update to version 38.7 or later.

Fix

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2016-00767
CESA-2016_0370
CVE-2016-1950
DLA-480-1
DSA-3510-1
DSA-3520-1
DSA-3688-1
MGASA-2016-0105
MGASA-2016-0114
OPENSUSE-SU-2016_0731-1
OPENSUSE-SU-2016_0733-1
OPENSUSE-SU-2016_1557-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10451-1
OPENSUSE-SU-2024:14572-1
RHSA-2016:0370
RHSA-2016:0371
RHSA-2016:0495
RHSA-2016_0370
RHSA-2016_0371
SUSE-SU-2016:0727-1
SUSE-SU-2016:0777-1
SUSE-SU-2016:0909-1
SUSE-SU-2016_0727-1
SUSE-SU-2016_0777-1
SUSE-SU-2016_0909-1
SUSE-SU-2017:1175-1
SUSE-SU-2017:1248-1
USN-2917-1
USN-2917-2
USN-2917-3
USN-2924-1
USN-2934-1

Affected Products

Centos
Firefox
Firefox Esr
Network Security Services
Red Hat
Suse
Ubuntu