PT-2016-4930 · Mozilla+2 · Network Security Services+3

Hanno Böck

Published

2016-01-26

Updated

2024-12-12

CVE-2016-1938

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Network Security Services (NSS) versions prior to 3.21 Mozilla Firefox versions prior to 44.0

Description The issue is related to the improper division of numbers in the s mp div function, which might make it easier for remote attackers to defeat cryptographic protection mechanisms. This is achieved by leveraging the use of the mp div or mp exptmod function.

Recommendations For Mozilla Network Security Services (NSS) versions prior to 3.21, update to version 3.21 or later. For Mozilla Firefox versions prior to 44.0, update to version 44.0 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2016-1938

DLA-427-1

DLA-480-1

DSA-3688-1

OPENSUSE-SU-2016_0309-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2016:0334-1

SUSE-SU-2016:0338-1

SUSE-SU-2016:0584-1

USN-2880-1

USN-2880-2

USN-2903-1

USN-2973-1

Affected Products

Firefox

Network Security Services

Suse

Ubuntu

PT-2016-4930 · Mozilla+2 · Network Security Services+3

CVE-2016-1938

Weakness Enumeration

Related Identifiers

Affected Products

References · 2128