CVE-2016-1950

Published: 8 March 2016

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Priority

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package	Release	Status
firefox Launchpad, Ubuntu, Debian	precise	Released (45.0+build2-0ubuntu0.12.04.1)
	trusty	Released (45.0+build2-0ubuntu0.14.04.1)
	upstream	Released (45.0)
	wily	Released (45.0+build2-0ubuntu0.15.10.1)
	xenial	Not vulnerable (45.0+build2-0ubuntu1)
	yakkety	Not vulnerable (45.0+build2-0ubuntu1)
	zesty	Not vulnerable (45.0+build2-0ubuntu1)
nss Launchpad, Ubuntu, Debian	precise	Released (2:3.21-0ubuntu0.12.04.3)
	trusty	Released (2:3.21-0ubuntu0.14.04.2)
	upstream	Released (3.21.1)
	wily	Released (2:3.21-0ubuntu0.15.10.2)
	xenial	Released (2:3.21-1ubuntu4)
	yakkety	Released (2:3.21-1ubuntu4)
	zesty	Released (2:3.21-1ubuntu4)
	Patches: upstream: http://hg.mozilla.org/projects/nss/rev/b9a31471759d
thunderbird Launchpad, Ubuntu, Debian	precise	Released (1:38.7.2+build1-0ubuntu0.12.04.1)
	upstream	Released (38.7)
	wily	Released (1:38.7.2+build1-0ubuntu0.15.10.1)
	xenial	Released (1:38.7.2+build1-0ubuntu0.16.04.1)
	yakkety	Released (1:38.8.0+build1-0ubuntu1)
	zesty	Released (1:38.8.0+build1-0ubuntu1)
	trusty	Released (1:38.7.2+build1-0ubuntu0.14.04.1)

Severity score breakdown

Parameter	Value
Base score	8.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Bugs

https://bugzilla.mozilla.org/show_bug.cgi?id=1245528

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›