ID CVE-2016-1979
Summary Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.
References
Vulnerable Configurations
  • Mozilla Firefox 44.0.2
    cpe:2.3:a:mozilla:firefox:44.0.2
  • Mozilla Network Security Services 3.21
    cpe:2.3:a:mozilla:network_security_services:3.21
CVSS
Base: 6.8 (as of 24-06-2016 - 18:49)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C429276852734F17A267C5FE35125CE4.NASL
    description Mozilla Foundation reports : Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 89768
    published 2016-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89768
    title FreeBSD : NSS -- multiple vulnerabilities (c4292768-5273-4f17-a267-c5fe35125ce4)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0727-1.NASL
    description This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. 
    - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 89929
    published 2016-03-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89929
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0727-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3576.NASL
    description Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors may lead to the execution of arbitrary code or denial of service.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 91138
    published 2016-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91138
    title Debian DSA-3576-1 : icedove - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0685.NASL
    description An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. 
    Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90749
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90749
    title RHEL 7 : nss, nspr, nss-softokn, and nss-util (RHSA-2016:0685)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0685.NASL
    description An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. 
    Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 90722
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90722
    title CentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2016:0685)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL20145801.NASL
    description Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. (CVE-2016-1979)
    last seen 2017-10-29
    modified 2017-10-23
    plugin id 93257
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93257
    title F5 Networks BIG-IP : Mozilla NSS vulnerability (K20145801)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0909-1.NASL
    description This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. 
    - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 90263
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90263
    title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0909-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0591.NASL
    description From Red Hat Security Advisory 2016:0591 : An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. 
    Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 90383
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90383
    title Oracle Linux 6 : nspr / nss / nss-util (ELSA-2016-0591)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-332.NASL
    description This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 (boo#969894) - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching - Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level - Tab Groups (Panorama) feature removed - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore - MFSA 
2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) - required for Firefox 45.0 - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 89913
    published 2016-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89913
    title openSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-480.NASL
    description This security update fixes serious security issues in NSS including arbitrary code execution and remote denial of service attacks. For Debian 7 'wheezy', these problems have been fixed in 3.14.5-1+deb7u6. We recommend you upgrade your nss packages as soon as possible. CVE-2015-7181 The sec_asn1d_parse_leaf function improperly restricts access to an unspecified data structure. CVE-2015-7182 Heap-based buffer overflow in the ASN.1 decoder. CVE-2016-1938 The s_mp_div function in lib/freebl/mpi/mpi.c improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms. CVE-2016-1950 Heap-based buffer overflow allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. CVE-2016-1978 Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. CVE-2016-1979 Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 91242
    published 2016-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91242
    title Debian DLA-480-1 : nss security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201605-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2017-10-29
    modified 2017-01-23
    plugin id 91379
    published 2016-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91379
    title GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0684.NASL
    description An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 90721
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90721
    title CentOS 5 : nspr / nss (CESA-2016:0684)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0684.NASL
    description From Red Hat Security Advisory 2016:0684 : An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 90745
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90745
    title Oracle Linux 5 : nspr / nss (ELSA-2016-0684)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0685.NASL
    description From Red Hat Security Advisory 2016:0685 : An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. 
    Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen 2017-10-29
    modified 2016-12-07
    plugin id 90746
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90746
    title Oracle Linux 7 : nspr / nss / nss-softokn / nss-util (ELSA-2016-0685)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0684.NASL
    description An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90748
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90748
    title RHEL 5 : nss and nspr (RHSA-2016:0684)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160405_NSS__NSS_UTIL__AND_NSPR_ON_SL6_X.NASL
    description The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 90392
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90392
    title Scientific Linux Security Update : nss, nss-util, and nspr on SL6.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0591.NASL
    description An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2017-10-29
    modified 2016-11-17
    plugin id 90367
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90367
    title CentOS 6 : nspr / nss / nss-util (CESA-2016:0591)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-334.NASL
    description This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 (boo#969894) - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching - Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level - Tab Groups (Panorama) feature removed - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing through history navigation and Location protocol property - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using performance.getEntries and history navigation with session restore - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) - required for Firefox 45.0 - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
    last seen 2017-10-29
    modified 2016-10-13
    plugin id 89915
    published 2016-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89915
    title openSUSE Security Update : Firefox (openSUSE-2016-334)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0777-1.NASL
    description This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. - MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. - MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. - MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. - MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing through history navigation and Location protocol property was fixed. - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. - MFSA 2016-34/CVE-2016-1974 An out-of-bounds read in the HTML parser following a failed allocation was fixed. - MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes - Enable atomic instructions on mips (bmo#1129878) - Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 89990
    published 2016-03-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89990
    title SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0777-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160425_NSS_AND_NSPR_ON_SL5_X.NASL
    description The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 90752
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90752
    title Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2973-1.NASL
    description Christian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Bock discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1978) A use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1979). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-01
    plugin id 91258
    published 2016-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91258
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2973-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0591.NASL
    description An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen 2017-10-29
    modified 2017-01-10
    plugin id 90386
    published 2016-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90386
    title RHEL 6 : nss, nss-util, and nspr (RHSA-2016:0591)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-702.NASL
    description A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen 2017-10-29
    modified 2016-10-07
    plugin id 91240
    published 2016-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91240
    title Amazon Linux AMI : nspr / nss-util,nss,nss-softokn (ALAS-2016-702)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3688.NASL
    description Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. - CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS). - CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution. - CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections. - CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue. - CVE-2016-1978 Eric Rescorla discovered a use-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences. - CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact. - CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS. In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges. This update contains further correctness and stability fixes without immediate security impact.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 93871
    published 2016-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93871
    title Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_45.NASL
    description The version of Firefox installed on the remote Windows host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen 2017-10-29
    modified 2016-05-20
    plugin id 89875
    published 2016-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89875
    title Firefox < 45 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0820-1.NASL
    description Mozilla Firefox was updated to 38.7.0 ESR, fixing the following security issues : MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-20/CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing MFSA 2016-21/CVE-2016-1958: Displayed page address can be overridden MFSA 2016-23/CVE-2016-1960: Use-after-free in HTML5 string parser MFSA 2016-24/CVE-2016-1961: Use-after-free in SetBody MFSA 2016-25/CVE-2016-1962: Use-after-free when using multiple WebRTC data channels MFSA 2016-27/CVE-2016-1964: Use-after-free during XML transformations MFSA 2016-28/CVE-2016-1965: Addressbar spoofing through history navigation and Location protocol property MFSA 2016-31/CVE-2016-1966: Memory corruption with malicious NPAPI plugin MFSA 2016-34/CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802: Font vulnerabilities in the Graphite 2 library. Mozilla NSPR was updated to version 4.12, fixing the following bugs : Added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. Fixed a memory allocation bug related to the PR_*printf functions Exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 Several minor correctness and compatibility fixes. Mozilla NSS was updated to fix security issues : MFSA 2016-15/CVE-2016-1978: Use-after-free in NSS during SSL connections in low memory MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-36/CVE-2016-1979: Use-after-free during processing of DER encoded keys in NSS. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-27
    plugin id 90065
    published 2016-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90065
    title SUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_45.NASL
    description The version of Firefox installed on the remote Mac OS X host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen 2017-10-29
    modified 2016-05-20
    plugin id 89873
    published 2016-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89873
    title Firefox < 45 Multiple Vulnerabilities (Mac OS X)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-472.NASL
    description The security update for icedove did not build on armhf. This is resolved by this upload. The text of the original DLA follows : Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client. Multiple memory safety errors may lead to the execution of arbitrary code or denial of service. For Debian 7 'Wheezy', this problem has been fixed in version 38.8.0-1~deb7u1. We recommend that you upgrade your icedove packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2016-12-06
    plugin id 91134
    published 2016-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91134
    title Debian DLA-472-2 : icedove regression update
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1017.NASL
    description According to the versions of the nss nspr nss-softokn nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-05-04
    plugin id 99780
    published 2017-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99780
    title EulerOS 2.0 SP1 : nss nspr nss-softokn nss-util (EulerOS-SA-2016-1017)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160425_NSS__NSPR__NSS_SOFTOKN__AND_NSS_UTIL_ON_SL7_X.NASL
    description The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Bug Fix(es) : - The nss-softokn package has been updated to be compatible with NSS 3.21.
    last seen 2017-10-29
    modified 2016-10-19
    plugin id 90751
    published 2016-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90751
    title Scientific Linux Security Update : nss, nspr, nss-softokn, and nss-util on SL7.x x86_64
redhat via4
advisories
  • bugzilla
    id 1315565
    title CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment nspr is earlier than 0:4.11.0-0.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160591005
        • comment nspr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111444032
      • AND
        • comment nspr-devel is earlier than 0:4.11.0-0.1.el6_7
          oval oval:com.redhat.rhsa:tst:20160591007
        • comment nspr-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111444034
      • AND
        • comment nss-util is earlier than 0:3.21.0-0.3.el6_7
          oval oval:com.redhat.rhsa:tst:20160591009
        • comment nss-util is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862016
      • AND
        • comment nss-util-devel is earlier than 0:3.21.0-0.3.el6_7
          oval oval:com.redhat.rhsa:tst:20160591011
        • comment nss-util-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862018
      • AND
        • comment nss is earlier than 0:3.21.0-0.3.el6_7
          oval oval:com.redhat.rhsa:tst:20160591019
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862006
      • AND
        • comment nss-devel is earlier than 0:3.21.0-0.3.el6_7
          oval oval:com.redhat.rhsa:tst:20160591015
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862014
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.21.0-0.3.el6_7
          oval oval:com.redhat.rhsa:tst:20160591017
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862010
      • AND
        • comment nss-sysinit is earlier than 0:3.21.0-0.3.el6_7
          oval oval:com.redhat.rhsa:tst:20160591021
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862008
      • AND
        • comment nss-tools is earlier than 0:3.21.0-0.3.el6_7
          oval oval:com.redhat.rhsa:tst:20160591013
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862012
    rhsa
    id RHSA-2016:0591
    released 2016-04-05
    severity Moderate
    title RHSA-2016:0591: nss, nss-util, and nspr security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1315565
    title CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment nspr is earlier than 0:4.11.0-1.el5_11
          oval oval:com.redhat.rhsa:tst:20160684004
        • comment nspr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20081036022
      • AND
        • comment nspr-devel is earlier than 0:4.11.0-1.el5_11
          oval oval:com.redhat.rhsa:tst:20160684002
        • comment nspr-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20081036024
      • AND
        • comment nss is earlier than 0:3.21.0-6.el5_11
          oval oval:com.redhat.rhsa:tst:20160684012
        • comment nss is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080879012
      • AND
        • comment nss-devel is earlier than 0:3.21.0-6.el5_11
          oval oval:com.redhat.rhsa:tst:20160684008
        • comment nss-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080879016
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.21.0-6.el5_11
          oval oval:com.redhat.rhsa:tst:20160684010
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080879014
      • AND
        • comment nss-tools is earlier than 0:3.21.0-6.el5_11
          oval oval:com.redhat.rhsa:tst:20160684006
        • comment nss-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080879018
    rhsa
    id RHSA-2016:0684
    released 2016-04-25
    severity Moderate
    title RHSA-2016:0684: nss and nspr security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id 1315565
    title CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment nspr is earlier than 0:4.11.0-1.el7_2
          oval oval:com.redhat.rhsa:tst:20160685007
        • comment nspr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111444032
      • AND
        • comment nspr-devel is earlier than 0:4.11.0-1.el7_2
          oval oval:com.redhat.rhsa:tst:20160685005
        • comment nspr-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111444034
      • AND
        • comment nss-util is earlier than 0:3.21.0-2.2.el7_2
          oval oval:com.redhat.rhsa:tst:20160685011
        • comment nss-util is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862016
      • AND
        • comment nss-util-devel is earlier than 0:3.21.0-2.2.el7_2
          oval oval:com.redhat.rhsa:tst:20160685009
        • comment nss-util-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862018
      • AND
        • comment nss-softokn is earlier than 0:3.16.2.3-14.2.el7_2
          oval oval:com.redhat.rhsa:tst:20160685019
        • comment nss-softokn is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862020
      • AND
        • comment nss-softokn-devel is earlier than 0:3.16.2.3-14.2.el7_2
          oval oval:com.redhat.rhsa:tst:20160685013
        • comment nss-softokn-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862024
      • AND
        • comment nss-softokn-freebl is earlier than 0:3.16.2.3-14.2.el7_2
          oval oval:com.redhat.rhsa:tst:20160685015
        • comment nss-softokn-freebl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862022
      • AND
        • comment nss-softokn-freebl-devel is earlier than 0:3.16.2.3-14.2.el7_2
          oval oval:com.redhat.rhsa:tst:20160685017
        • comment nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131144014
      • AND
        • comment nss is earlier than 0:3.21.0-9.el7_2
          oval oval:com.redhat.rhsa:tst:20160685025
        • comment nss is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862006
      • AND
        • comment nss-devel is earlier than 0:3.21.0-9.el7_2
          oval oval:com.redhat.rhsa:tst:20160685029
        • comment nss-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862014
      • AND
        • comment nss-pkcs11-devel is earlier than 0:3.21.0-9.el7_2
          oval oval:com.redhat.rhsa:tst:20160685027
        • comment nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862010
      • AND
        • comment nss-sysinit is earlier than 0:3.21.0-9.el7_2
          oval oval:com.redhat.rhsa:tst:20160685021
        • comment nss-sysinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862008
      • AND
        • comment nss-tools is earlier than 0:3.21.0-9.el7_2
          oval oval:com.redhat.rhsa:tst:20160685023
        • comment nss-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100862012
    rhsa
    id RHSA-2016:0685
    released 2016-04-25
    severity Moderate
    title RHSA-2016:0685: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update (Moderate)
rpms
  • nspr-0:4.11.0-0.1.el6_7
  • nspr-devel-0:4.11.0-0.1.el6_7
  • nss-util-0:3.21.0-0.3.el6_7
  • nss-util-devel-0:3.21.0-0.3.el6_7
  • nss-0:3.21.0-0.3.el6_7
  • nss-devel-0:3.21.0-0.3.el6_7
  • nss-pkcs11-devel-0:3.21.0-0.3.el6_7
  • nss-sysinit-0:3.21.0-0.3.el6_7
  • nss-tools-0:3.21.0-0.3.el6_7
  • nspr-0:4.11.0-1.el5_11
  • nspr-devel-0:4.11.0-1.el5_11
  • nss-0:3.21.0-6.el5_11
  • nss-devel-0:3.21.0-6.el5_11
  • nss-pkcs11-devel-0:3.21.0-6.el5_11
  • nss-tools-0:3.21.0-6.el5_11
  • nspr-0:4.11.0-1.el7_2
  • nspr-devel-0:4.11.0-1.el7_2
  • nss-util-0:3.21.0-2.2.el7_2
  • nss-util-devel-0:3.21.0-2.2.el7_2
  • nss-softokn-0:3.16.2.3-14.2.el7_2
  • nss-softokn-devel-0:3.16.2.3-14.2.el7_2
  • nss-softokn-freebl-0:3.16.2.3-14.2.el7_2
  • nss-softokn-freebl-devel-0:3.16.2.3-14.2.el7_2
  • nss-0:3.21.0-9.el7_2
  • nss-devel-0:3.21.0-9.el7_2
  • nss-pkcs11-devel-0:3.21.0-9.el7_2
  • nss-sysinit-0:3.21.0-9.el7_2
  • nss-tools-0:3.21.0-9.el7_2
refmap via4
bid 84221
confirm
debian
  • DSA-3576
  • DSA-3688
gentoo GLSA-201605-06
misc https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes
sectrack 1035215
suse
  • SUSE-SU-2016:0727
  • SUSE-SU-2016:0777
  • SUSE-SU-2016:0820
  • SUSE-SU-2016:0909
  • openSUSE-SU-2016:0731
  • openSUSE-SU-2016:0733
ubuntu USN-2973-1
Last major update 02-12-2016 - 22:24
Published 13-03-2016 - 14:59
Last modified 03-11-2017 - 21:29