CVE-2016-1950

MEDIUM

Description

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

http://rhn.redhat.com/errata/RHSA-2016-0495.html

http://www.debian.org/security/2016/dsa-3510

http://www.debian.org/security/2016/dsa-3520

http://www.debian.org/security/2016/dsa-3688

http://www.mozilla.org/security/announce/2016/mfsa2016-35.html

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/84223

http://www.securitytracker.com/id/1035215

http://www.ubuntu.com/usn/USN-2917-1

http://www.ubuntu.com/usn/USN-2917-2

http://www.ubuntu.com/usn/USN-2917-3

http://www.ubuntu.com/usn/USN-2924-1

http://www.ubuntu.com/usn/USN-2934-1

https://bto.bluecoat.com/security-advisory/sa119

https://bugzilla.mozilla.org/show_bug.cgi?id=1245528

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

https://security.gentoo.org/glsa/201605-06

https://support.apple.com/HT206166

https://support.apple.com/HT206167

https://support.apple.com/HT206168

https://support.apple.com/HT206169

Details

Source: MITRE

Published: 2016-03-13

Updated: 2019-12-27

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 9.2.1 (inclusive)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.11.3 (inclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* versions up to 9.1 (inclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* versions up to 2.1 (inclusive)

Configuration 4

OR

cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*

cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Tenable Plugins

View all (49 total)

IDNameProductFamilySeverity
100151SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr, java-1_8_0-openjdk (SUSE-SU-2017:1248-1)NessusSuSE Local Security Checks
high
99992SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss, mozilla-nspr (SUSE-SU-2017:1175-1)NessusSuSE Local Security Checks
high
99766EulerOS 2.0 SP1 : nss-util (EulerOS-SA-2016-1003)NessusHuawei Local Security Checks
medium
99568OracleVM 3.3 / 3.4 : nss / nss-util (OVMSA-2017-0065)NessusOracleVM Local Security Checks
medium
94930OracleVM 3.3 / 3.4 : nssnss-util (OVMSA-2016-0159)NessusOracleVM Local Security Checks
medium
94160Oracle GlassFish Server 2.1.1.x < 2.1.1.29 Mozilla NSS ASN.1 Structure Handling RCE (October 2016 CPU)NessusWeb Servers
medium
93871Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)NessusDebian Local Security Checks
high
92765F5 Networks BIG-IP : Mozilla NSS vulnerability (K91100352)NessusF5 Networks Local Security Checks
medium
91747OracleVM 3.2 : nss (OVMSA-2016-0066)NessusOracleVM Local Security Checks
high
91589openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-714)NessusSuSE Local Security Checks
high
91379GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)NessusGentoo Local Security Checks
critical
9336Apple TV < 9.2 Multiple VulnerabilitiesNessus Network MonitorInternet Services
critical
9327Mac OS X 10.11.x < 10.11.4 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
9331Apple iOS < 9.3 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
91242Debian DLA-480-1 : nss security updateNessusDebian Local Security Checks
high
90822Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2934-1)NessusUbuntu Local Security Checks
high
90598Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-3)NessusUbuntu Local Security Checks
critical
9207Mozilla Firefox < 45.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
90421Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : firefox regressions (USN-2917-2)NessusUbuntu Local Security Checks
critical
90385OracleVM 3.3 / 3.4 : nss / nss-util / etc (OVMSA-2016-0042)NessusOracleVM Local Security Checks
medium
90309Apple TV < 9.2 Multiple VulnerabilitiesNessusMisc.
critical
90263SUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0909-1)NessusSuSE Local Security Checks
critical
90140RHEL 6 / 7 : nss-util (RHSA-2016:0495)NessusRed Hat Local Security Checks
medium
90118Apple iOS < 9.3 Multiple VulnerabilitiesNessusMobile Devices
critical
90096Mac OS X 10.11.x < 10.11.4 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
90065SUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)NessusSuSE Local Security Checks
critical
90031Debian DSA-3520-1 : icedove - security updateNessusDebian Local Security Checks
critical
89990SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0777-1)NessusSuSE Local Security Checks
critical
89929SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0727-1)NessusSuSE Local Security Checks
critical
89915openSUSE Security Update : Firefox (openSUSE-2016-334)NessusSuSE Local Security Checks
critical
89913openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)NessusSuSE Local Security Checks
critical
89875Firefox < 45 Multiple VulnerabilitiesNessusWindows
critical
89874Firefox ESR < 38.7 Multiple VulnerabilitiesNessusWindows
critical
89873Firefox < 45 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
89872Firefox ESR < 38.7 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
89848Amazon Linux AMI : nss-util (ALAS-2016-667)NessusAmazon Linux Local Security Checks
medium
89827Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : nss vulnerability (USN-2924-1)NessusUbuntu Local Security Checks
medium
89826Ubuntu 12.04 LTS / 14.04 / 15.10 : firefox vulnerabilities (USN-2917-1)NessusUbuntu Local Security Checks
critical
89824Scientific Linux Security Update : nss-util on SL6.x, SL7.x i386/x86_64 (20160309)NessusScientific Linux Local Security Checks
medium
89823Scientific Linux Security Update : nss on SL5.x i386/x86_64 (20160309)NessusScientific Linux Local Security Checks
medium
89818OracleVM 3.3 / 3.4 : nss-util (OVMSA-2016-0034)NessusOracleVM Local Security Checks
medium
89815Oracle Linux 5 : nss (ELSA-2016-0371)NessusOracle Linux Local Security Checks
medium
89792Debian DSA-3510-1 : iceweasel - security updateNessusDebian Local Security Checks
critical
89772RHEL 5 : nss (RHSA-2016:0371)NessusRed Hat Local Security Checks
medium
89771RHEL 6 / 7 : nss-util (RHSA-2016:0370)NessusRed Hat Local Security Checks
medium
89769Oracle Linux 6 / 7 : nss-util (ELSA-2016-0370)NessusOracle Linux Local Security Checks
medium
89768FreeBSD : NSS -- multiple vulnerabilities (c4292768-5273-4f17-a267-c5fe35125ce4)NessusFreeBSD Local Security Checks
medium
89761CentOS 5 : nss (CESA-2016:0371)NessusCentOS Local Security Checks
medium
89760CentOS 6 / 7 : nss-util (CESA-2016:0370)NessusCentOS Local Security Checks
medium