Your submission was sent successfully! Close

CVE-2016-1978

Published: 13 March 2016

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

Priority

Medium

CVSS 3 base score: 7.3

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was released [44.0.2+build1-0ubuntu0.12.04.1])
trusty Does not exist
(trusty was released [44.0.2+build1-0ubuntu0.14.04.1])
upstream
Released (44)
wily
Released (44.0.2+build1-0ubuntu0.15.10.1)
xenial Not vulnerable
(45.0+build2-0ubuntu1)
yakkety Not vulnerable
(45.0+build2-0ubuntu1)
zesty Not vulnerable
(45.0+build2-0ubuntu1)
nss
Launchpad, Ubuntu, Debian
precise
Released (2:3.21-0ubuntu0.12.04.2)
trusty
Released (2:3.21-0ubuntu0.14.04.1)
upstream
Released (2:3.21-1)
wily
Released (2:3.21-0ubuntu0.15.10.1)
xenial Not vulnerable
(2:3.21-1ubuntu3)
yakkety Not vulnerable
(2:3.21-1ubuntu3)
zesty Not vulnerable
(2:3.21-1ubuntu3)
thunderbird
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was released [1:38.8.0+build1-0ubuntu0.12.04.1])
trusty Does not exist
(trusty was released [1:38.8.0+build1-0ubuntu0.14.04.1])
upstream
Released (38.8.0)
wily
Released (1:38.8.0+build1-0ubuntu0.15.10.1)
xenial
Released (1:38.8.0+build1-0ubuntu0.16.04.1)
yakkety
Released (1:38.8.0+build1-0ubuntu1)
zesty
Released (1:38.8.0+build1-0ubuntu1)