var-201603-0244
Vulnerability from variot
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. The following products and versions are affected: Mozilla Firefox prior to 45.0; Firefox ESR 38.x prior to 38.7; Mozilla NSS prior to 3.19.2.3, 3.20.x, and 3.21.x prior to 3.21.1.
CVE-2015-4000
David Adrian et al. reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Security (TLS).
CVE-2015-7181 CVE-2015-7182 CVE-2016-1950
Tyson Smith, David Keeler, and Francis Gabriel discovered
heap-based buffer overflows in the ASN.1 DER parser, potentially
leading to arbitrary code execution.
CVE-2015-7575
Karthikeyan Bhargavan discovered that TLS client implementation
accepted MD5-based signatures for TLS 1.2 connections with forward
secrecy, weakening the intended security strength of TLS
connections.
CVE-2016-1938
Hanno Boeck discovered that NSS miscomputed the result of integer
division for certain inputs. This could weaken the cryptographic
protections provided by NSS. However, NSS implements RSA-CRT leak
hardening, so RSA private keys are not directly disclosed by this
issue.
CVE-2016-1978
Eric Rescorla discovered a use-after-free vulnerability in the
implementation of ECDH-based TLS handshakes, with unknown
consequences.
CVE-2016-1979
Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER
processing, with application-specific impact.
CVE-2016-2834
Tyson Smith and Jed Davis discovered unspecified memory-safety
bugs in NSS.
In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges.
For the stable distribution (jessie), these problems have been fixed in version 2:3.26-1+debu8u1.
For the unstable distribution (sid), these problems have been fixed in version 2:3.23-1.
We recommend that you upgrade your nss packages.
APPLE-SA-2016-03-21-3 tvOS 9.2
tvOS 9.2 is now available and addresses the following:
FontParser
Available for: Apple TV (4th generation)
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)

HTTPProtocol
Available for: Apple TV (4th generation)
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0.
CVE-ID
CVE-2015-8659

IOHIDFamily
Available for: Apple TV (4th generation)
Impact: An application may be able to determine kernel memory layout
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1748 : Brandon Azad

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed through improved memory management.
CVE-ID
CVE-2016-1750 : CESG

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple integer overflows were addressed through improved input validation.
CVE-ID
CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to bypass code signing
Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation.
CVE-ID
CVE-2016-1751 : Eric Monti of Square Mobile Security

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2016-1755 : Ian Beer of Google Project Zero

Kernel
Available for: Apple TV (4th generation)
Impact: An application may be able to cause a denial of service
Description: A denial of service issue was addressed through improved validation.
CVE-ID
CVE-2016-1752 : CESG

libxml2
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed through improved memory handling.
CVE-ID
CVE-2015-1819
CVE-2015-5312 : David Drysdale of Google
CVE-2015-7499
CVE-2015-7500 : Kostya Serebryany of Google
CVE-2015-7942 : Kostya Serebryany of Google
CVE-2015-8035 : gustavo.grieco
CVE-2015-8242 : Hugh Davenport
CVE-2016-1762

Security
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1950 : Francis Gabriel of Quarkslab

TrueTypeScaler
Available for: Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
CVE-ID
CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)

WebKit
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
CVE-ID
CVE-2016-1783 : Mihai Parparita of Google

WebKit History
Available for: Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-ID
CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net)

Wi-Fi
Available for: Apple TV (4th generation)
Impact: An attacker with a privileged network position may be able to execute arbitrary code
Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling.
CVE-ID
CVE-2016-0801 : an anonymous researcher
CVE-2016-0802 : an anonymous researcher
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software".
To check the current version of software, select "Settings -> General -> About".

Ubuntu Security Notice USN-2917-2
April 07, 2016
firefox regressions
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-2917-1 introduced several regressions in Firefox.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylänki discovered multiple memory safety issues in Firefox. (CVE-2016-1952, CVE-2016-1953)
Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked into opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954)
Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955)
Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956)
Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957)
Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)
Looben Yang discovered an out-of-bounds read in Service Worker Manager. (CVE-2016-1959)
A use-after-free was discovered in the HTML5 string parser. (CVE-2016-1960)
A use-after-free was discovered in the SetBody function of HTMLDocument. (CVE-2016-1961)
Dominique Hazaël-Massieux discovered a use-after-free when using multiple WebRTC data channels. (CVE-2016-1962)
It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. (CVE-2016-1963)
Nicolas Grégoire discovered a use-after-free during XML transformations. (CVE-2016-1964)
Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965)
A memory corruption issue was discovered in the NPAPI subsystem. (CVE-2016-1966)
Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967)
Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. (CVE-2016-1968)
Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. (CVE-2016-1973)
Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. (CVE-2016-1974)
Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: firefox 45.0.1+build1-0ubuntu0.15.10.2
Ubuntu 14.04 LTS: firefox 45.0.1+build1-0ubuntu0.14.04.2
Ubuntu 12.04 LTS: firefox 45.0.1+build1-0ubuntu0.12.04.2
After a standard system update you need to restart Firefox to make all the necessary changes.

The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'.
Affected packages
-------------------------------------------------------------------
     Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  dev-libs/nspr                   < 4.12         >= 4.12
  2  dev-libs/nss                    < 3.22.2       >= 3.22.2
  3  mail-client/thunderbird         < 38.7.0       >= 38.7.0
  4  mail-client/thunderbird-bin     < 38.7.0       >= 38.7.0
  5  www-client/firefox              < 38.7.0       >= 38.7.0
  6  www-client/firefox-bin          < 38.7.0       >= 38.7.0
-------------------------------------------------------------------
  6 affected packages
Description
Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts.
Workaround
There is no known workaround at this time.
Resolution
All NSS users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.22.2"
All Thunderbird users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-38.7.0"
All users of the Thunderbird binary package should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-38.7.0"
All Firefox 38.7.x users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-38.7.0"
All users of the Firefox 38.7.x binary package should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-38.7.0"
References
[ 1 ] CVE-2015-2708 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2708
[ 2 ] CVE-2015-2709 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2709
[ 3 ] CVE-2015-2710 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2710
[ 4 ] CVE-2015-2711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2711
[ 5 ] CVE-2015-2712 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2712
[ 6 ] CVE-2015-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2713
[ 7 ] CVE-2015-2714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2714
[ 8 ] CVE-2015-2715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2715
[ 9 ] CVE-2015-2716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2716
[ 10 ] CVE-2015-2717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2717
[ 11 ] CVE-2015-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2718
[ 12 ] CVE-2015-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4473
[ 13 ] CVE-2015-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4474
[ 14 ] CVE-2015-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4475
[ 15 ] CVE-2015-4477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4477
[ 16 ] CVE-2015-4478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4478
[ 17 ] CVE-2015-4479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4479
[ 18 ] CVE-2015-4480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4480
[ 19 ] CVE-2015-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4481
[ 20 ] CVE-2015-4482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4482
[ 21 ] CVE-2015-4483 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4483
[ 22 ] CVE-2015-4484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4484
[ 23 ] CVE-2015-4485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4485
[ 24 ] CVE-2015-4486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4486
[ 25 ] CVE-2015-4487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4487
[ 26 ] CVE-2015-4488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4488
[ 27 ] CVE-2015-4489 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4489
[ 28 ] CVE-2015-4490 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4490
[ 29 ] CVE-2015-4491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4491
[ 30 ] CVE-2015-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4492
[ 31 ] CVE-2015-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4493
[ 32 ] CVE-2015-7181 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7181
[ 33 ] CVE-2015-7182 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7182
[ 34 ] CVE-2015-7183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7183
[ 35 ] CVE-2016-1523 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1523
[ 36 ] CVE-2016-1930 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1930
[ 37 ] CVE-2016-1931 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1931
[ 38 ] CVE-2016-1933 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1933
[ 39 ] CVE-2016-1935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1935
[ 40 ] CVE-2016-1937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1937
[ 41 ] CVE-2016-1938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1938
[ 42 ] CVE-2016-1939 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1939
[ 43 ] CVE-2016-1940 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1940
[ 44 ] CVE-2016-1941 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1941
[ 45 ] CVE-2016-1942 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1942
[ 46 ] CVE-2016-1943 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1943
[ 47 ] CVE-2016-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1944
[ 48 ] CVE-2016-1945 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1945
[ 49 ] CVE-2016-1946 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1946
[ 50 ] CVE-2016-1947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1947
[ 51 ] CVE-2016-1948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1948
[ 52 ] CVE-2016-1949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1949
[ 53 ] CVE-2016-1950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1950
[ 54 ] CVE-2016-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1952
[ 55 ] CVE-2016-1953 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1953
[ 56 ] CVE-2016-1954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1954
[ 57 ] CVE-2016-1955 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1955
[ 58 ] CVE-2016-1956 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1956
[ 59 ] CVE-2016-1957 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1957
[ 60 ] CVE-2016-1958 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1958
[ 61 ] CVE-2016-1959 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1959
[ 62 ] CVE-2016-1960 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1960
[ 63 ] CVE-2016-1961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1961
[ 64 ] CVE-2016-1962 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1962
[ 65 ] CVE-2016-1963 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1963
[ 66 ] CVE-2016-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1964
[ 67 ] CVE-2016-1965 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1965
[ 68 ] CVE-2016-1966 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1966
[ 69 ] CVE-2016-1967 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1967
[ 70 ] CVE-2016-1968 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1968
[ 71 ] CVE-2016-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1969
[ 72 ] CVE-2016-1970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1970
[ 73 ] CVE-2016-1971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1971
[ 74 ] CVE-2016-1972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1972
[ 75 ] CVE-2016-1973 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1973
[ 76 ] CVE-2016-1974 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1974
[ 77 ] CVE-2016-1975 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1975
[ 78 ] CVE-2016-1976 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1976
[ 79 ] CVE-2016-1977 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1977
[ 80 ] CVE-2016-1978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1978
[ 81 ] CVE-2016-1979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1979
[ 82 ] CVE-2016-2790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2790
[ 83 ] CVE-2016-2791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2791
[ 84 ] CVE-2016-2792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2792
[ 85 ] CVE-2016-2793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2793
[ 86 ] CVE-2016-2794 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2794
[ 87 ] CVE-2016-2795 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2795
[ 88 ] CVE-2016-2796 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2796
[ 89 ] CVE-2016-2797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2797
[ 90 ] CVE-2016-2798 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2798
[ 91 ] CVE-2016-2799 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2799
[ 92 ] CVE-2016-2800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2800
[ 93 ] CVE-2016-2801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2801
[ 94 ] CVE-2016-2802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2802
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201605-06
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Red Hat Security Advisory

Synopsis: Critical: nss-util security update
Advisory ID: RHSA-2016:0370-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0370.html
Issue date: 2016-03-09
CVE Names: CVE-2016-1950
- Summary:
Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module.
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950)
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.
All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util library must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: nss-util-3.19.1-5.el6_7.src.rpm
i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm
x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm
x86_64: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: nss-util-3.19.1-5.el6_7.src.rpm
x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: nss-util-3.19.1-5.el6_7.src.rpm
i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm
ppc64: nss-util-3.19.1-5.el6_7.ppc.rpm nss-util-3.19.1-5.el6_7.ppc64.rpm nss-util-debuginfo-3.19.1-5.el6_7.ppc.rpm nss-util-debuginfo-3.19.1-5.el6_7.ppc64.rpm nss-util-devel-3.19.1-5.el6_7.ppc.rpm nss-util-devel-3.19.1-5.el6_7.ppc64.rpm
s390x: nss-util-3.19.1-5.el6_7.s390.rpm nss-util-3.19.1-5.el6_7.s390x.rpm nss-util-debuginfo-3.19.1-5.el6_7.s390.rpm nss-util-debuginfo-3.19.1-5.el6_7.s390x.rpm nss-util-devel-3.19.1-5.el6_7.s390.rpm nss-util-devel-3.19.1-5.el6_7.s390x.rpm
x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: nss-util-3.19.1-5.el6_7.src.rpm
i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm
x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source: nss-util-3.19.1-9.el7_2.src.rpm
x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: nss-util-3.19.1-9.el7_2.src.rpm
x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: nss-util-3.19.1-9.el7_2.src.rpm
ppc64: nss-util-3.19.1-9.el7_2.ppc.rpm nss-util-3.19.1-9.el7_2.ppc64.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc64.rpm nss-util-devel-3.19.1-9.el7_2.ppc.rpm nss-util-devel-3.19.1-9.el7_2.ppc64.rpm
ppc64le: nss-util-3.19.1-9.el7_2.ppc64le.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc64le.rpm nss-util-devel-3.19.1-9.el7_2.ppc64le.rpm
s390x: nss-util-3.19.1-9.el7_2.s390.rpm nss-util-3.19.1-9.el7_2.s390x.rpm nss-util-debuginfo-3.19.1-9.el7_2.s390.rpm nss-util-debuginfo-3.19.1-9.el7_2.s390x.rpm nss-util-devel-3.19.1-9.el7_2.s390.rpm nss-util-devel-3.19.1-9.el7_2.s390x.rpm
x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: nss-util-3.19.1-9.el7_2.src.rpm
x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-1950
https://access.redhat.com/security/updates/classification/#critical
https://www.mozilla.org/en-US/security/advisories/mfsa2016-36
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201603-0244", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "iplanet web proxy server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "4.0" }, { "model": "iplanet web server", "scope": "eq", "trust": 1.8, "vendor": "oracle", "version": "7.0" }, { "model": "glassfish server", "scope": "eq", "trust": 1.8,
"vendor": "oracle", "version": "2.1.1" }, { "model": "network security services", "scope": "eq", "trust": 1.6, "vendor": "mozilla", "version": "3.20.1" }, { "model": "network security services", "scope": "eq", "trust": 1.6, "vendor": "mozilla", "version": "3.20" }, { "model": "network security services", "scope": "eq", "trust": 1.6, "vendor": "mozilla", "version": "3.21" }, { "model": "network security services", "scope": "eq", "trust": 1.6, "vendor": "mozilla", "version": "3.19.2" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.2.0" }, { "model": "firefox", "scope": "lte", "trust": 1.0, "vendor": "mozilla", "version": "44.0.2" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.6.1" }, { "model": "watchos", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "2.1" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.2.1" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "tvos", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "9.1" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.1.0" }, { "model": "vm server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "3.2" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7" }, { "model": "iphone os", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "9.2.1" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.0" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.0.5" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.3.0" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.1.1" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.4.0" }, { "model": 
"mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.11.3" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.0" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.0.1" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.5.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "6" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.6.0" }, { "model": "firefox", "scope": "eq", "trust": 1.0, "vendor": "mozilla", "version": "38.5.0" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(ipad 2 or later )" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(apple watch sport)" }, { "model": "network security services", "scope": "eq", "trust": 0.8, "vendor": "mozilla", "version": "3.21.1" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.11 to 10.11.3" }, { "model": "vm server", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "tvos", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "9.2" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(apple watch edition)" }, { "model": "watchos", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "2.2" }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(apple watch hermes)" }, { "model": "network security services", "scope": "lt", "trust": 0.8, "vendor": "mozilla", "version": "3.21.x" }, { "model": "firefox esr", "scope": "eq", "trust": 0.8, "vendor": "mozilla", "version": "38.7" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(iphone 4s or later )" }, { "model": "ios", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(ipod touch first 5 after generation )" }, { "model": 
"linux", "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "watchos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(apple watch)" }, { "model": "opensuse", "scope": null, "trust": 0.8, "vendor": "opensuse", "version": null }, { "model": "ios", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "9.3" }, { "model": "network security services", "scope": "eq", "trust": 0.8, "vendor": "mozilla", "version": "3.20.x" }, { "model": "tvos", "scope": "lt", "trust": 0.8, "vendor": "apple", "version": "(apple tv first 4 generation )" }, { "model": "firefox esr", "scope": "lt", "trust": 0.8, "vendor": "mozilla", "version": "38.x" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "db": "CNNVD", "id": "CNNVD-201603-136" }, { "db": "NVD", "id": "CVE-2016-1950" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:mozilla:firefox", "vulnerable": true }, { "cpe22Uri": "cpe:/a:mozilla:firefox_esr", "vulnerable": true }, { "cpe22Uri": "cpe:/a:mozilla:network_security_services", "vulnerable": true }, { "cpe22Uri": "cpe:/o:opensuse_project:opensuse", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:iphone_os", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:apple_tv", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:watchos", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:glassfish_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:iplanet_web_proxy_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:iplanet_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:oracle:linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:oracle:vm_server", "vulnerable": 
true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001841" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Debian", "sources": [ { "db": "PACKETSTORM", "id": "139002" }, { "db": "PACKETSTORM", "id": "136152" }, { "db": "PACKETSTORM", "id": "136304" } ], "trust": 0.3 }, "cve": "CVE-2016-1950", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2016-1950", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-90769", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", 
"attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2016-1950", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2016-1950", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2016-1950", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201603-136", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-90769", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-90769" }, { "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "db": "CNNVD", "id": "CNNVD-201603-136" }, { "db": "NVD", "id": "CVE-2016-1950" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. The following products and versions are affected: Mozilla Firefox prior to 45.0, Firefox ESR prior to 38.7 38.x, Mozilla NSS prior to 3.19.2.3, 3.20.x, 3.21.1 prior to 3.21.x. \n\nCVE-2015-4000\n\n David Adrian et al. reported that it may be feasible to attack\n Diffie-Hellman-based cipher suites in certain circumstances,\n compromising the confidentiality and integrity of data encrypted\n with Transport Layer Security (TLS). 
\n\nCVE-2015-7181\nCVE-2015-7182\nCVE-2016-1950\n\n Tyson Smith, David Keeler, and Francis Gabriel discovered\n heap-based buffer overflows in the ASN.1 DER parser, potentially\n leading to arbitrary code execution. \n\nCVE-2015-7575\n\n Karthikeyan Bhargavan discovered that TLS client implementation\n accepted MD5-based signatures for TLS 1.2 connections with forward\n secrecy, weakening the intended security strength of TLS\n connections. \n\nCVE-2016-1938\n\n Hanno Boeck discovered that NSS miscomputed the result of integer\n division for certain inputs. This could weaken the cryptographic\n protections provided by NSS. However, NSS implements RSA-CRT leak\n hardening, so RSA private keys are not directly disclosed by this\n issue. \n\nCVE-2016-1978\n\n Eric Rescorla discovered a user-after-free vulnerability in the\n implementation of ECDH-based TLS handshakes, with unknown\n consequences. \n\nCVE-2016-1979\n\n Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER\n processing, with application-specific impact. \n\nCVE-2016-2834\n\n Tyson Smith and Jed Davis discovered unspecified memory-safety\n bugs in NSS. \n\nIn addition, the NSS library did not ignore environment variables in\nprocesses which underwent a SUID/SGID/AT_SECURE transition at process\nstart. In certain system configurations, this allowed local users to\nescalate their privileges. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.26-1+debu8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.23-1. \n\nWe recommend that you upgrade your nss packages. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-3 tvOS 9.2\n\ntvOS 9.2 is now available and addresses the following:\n\nFontParser\nAvailable for: Apple TV (4th generation)\nImpact: Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for: Apple TV (4th generation)\nImpact: A remote attacker may be able to execute arbitrary code\nDescription: Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIOHIDFamily\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to determine kernel memory layout\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to bypass code signing\nDescription: A permissions issue existed in which execute permission\nwas incorrectly granted. 
This issue was addressed through improved\npermission validation. \nCVE-ID\nCVE-2016-1751 : Eric Monti of Square Mobile Security\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple TV (4th generation)\nImpact: An application may be able to cause a denial of service\nDescription: A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1762\n\nSecurity\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTrueTypeScaler\nAvailable for: Apple TV (4th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. 
\nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWebKit\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1783 : Mihai Parparita of Google\n\nWebKit History\nAvailable for: Apple TV (4th generation)\nImpact: Processing maliciously crafted web content may lead to an\nunexpected Safari crash\nDescription: A resource exhaustion issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and \u674e\u666e\u541b of\n\u65e0\u58f0\u4fe1\u606f\u6280\u672fPKAV Team (PKAV.net)\n\nWi-Fi\nAvailable for: Apple TV (4th generation)\nImpact: An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription: A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\". \n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About\". ============================================================================\nUbuntu Security Notice USN-2917-2\nApril 07, 2016\n\nfirefox regressions\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-2917-1 introduced several regressions in Firefox. 
\n\nSoftware Description:\n- firefox: Mozilla Open Source web browser\n\nDetails:\n\nUSN-2917-1 fixed vulnerabilities in Firefox. This update caused several\nregressions that could result in search engine settings being lost, the\nlist of search providers appearing empty or the location bar breaking\nafter typing an invalid URL. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. (CVE-2016-1950)\n \n Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\n Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,\n Tyson Smith, Andrea Marchesini, and Jukka Jyl=C3=A4nki discovered multiple\n memory safety issues in Firefox. (CVE-2016-1952,\n CVE-2016-1953)\n \n Nicolas Golubovic discovered that CSP violation reports can be used to\n overwrite local files. If a user were tricked in to opening a specially\n crafted website with addon signing disabled and unpacked addons installed,\n an attacker could potentially exploit this to gain additional privileges. \n (CVE-2016-1954)\n \n Muneaki Nishimura discovered that CSP violation reports contained full\n paths for cross-origin iframe navigations. An attacker could potentially\n exploit this to steal confidential data. (CVE-2016-1955)\n \n Ucha Gobejishvili discovered that performing certain WebGL operations\n resulted in memory resource exhaustion with some Intel GPUs, requiring\n a reboot. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to cause a denial\n of service. (CVE-2016-1956)\n \n Jose Martinez and Romina Santillan discovered a memory leak in\n libstagefright during MPEG4 video file processing in some circumstances. \n If a user were tricked in to opening a specially crafted website, an\n attacker could potentially exploit this to cause a denial of service via\n memory exhaustion. 
(CVE-2016-1957)\n \n Abdulrahman Alqabandi discovered that the addressbar could be blank or\n filled with page defined content in some circumstances. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n \n Looben Yang discovered an out-of-bounds read in Service Worker Manager. (CVE-2016-1959)\n \n A use-after-free was discovered in the HTML5 string parser. (CVE-2016-1960)\n \n A use-after-free was discovered in the SetBody function of HTMLDocument. (CVE-2016-1961)\n \n Dominique Haza=C3=ABl-Massieux discovered a use-after-free when using multiple\n WebRTC data channels. (CVE-2016-1962)\n \n It was discovered that Firefox crashes when local files are modified\n whilst being read by the FileReader API. (CVE-2016-1963)\n \n Nicolas Gr=C3=A9goire discovered a use-after-free during XML transformations. (CVE-2016-1964)\n \n Tsubasa Iinuma discovered a mechanism to cause the addressbar to display\n an incorrect URL, using history navigations and the Location protocol\n property. If a user were tricked in to opening a specially crafted\n website, an attacker could potentially exploit this to conduct URL\n spoofing attacks. (CVE-2016-1965)\n \n A memory corruption issues was discovered in the NPAPI subsystem. (CVE-2016-1966)\n \n Jordi Chancel discovered a same-origin-policy bypass when using\n performance.getEntries and history navigation with session restore. If\n a user were tricked in to opening a specially crafted website, an attacker\n could potentially exploit this to steal confidential data. (CVE-2016-1967)\n \n Luke Li discovered a buffer overflow during Brotli decompression in some\n circumstances. (CVE-2016-1968)\n \n Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. (CVE-2016-1973)\n \n Ronald Crane discovered an out-of-bounds read following a failed\n allocation in the HTML parser in some circumstances. 
(CVE-2016-1974)\n \n Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\n memory safety issues in the Graphite 2 library. \n (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\n CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,\n CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n firefox 45.0.1+build1-0ubuntu0.15.10.2\n\nUbuntu 14.04 LTS:\n firefox 45.0.1+build1-0ubuntu0.14.04.2\n\nUbuntu 12.04 LTS:\n firefox 45.0.1+build1-0ubuntu0.12.04.2\n\nAfter a standard system update you need to restart Firefox to make\nall the necessary changes. The\nSeaMonkey project is a community effort to deliver production-quality\nreleases of code derived from the application formerly known as\n\u0027Mozilla Application Suite\u0027. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/nspr \u003c 4.12 \u003e= 4.12\n 2 dev-libs/nss \u003c 3.22.2 \u003e= 3.22.2\n 3 mail-client/thunderbird \u003c 38.7.0 \u003e= 38.7.0\n 4 mail-client/thunderbird-bin\n \u003c 38.7.0 \u003e= 38.7.0\n 5 www-client/firefox \u003c 38.7.0 \u003e= 38.7.0\n 6 www-client/firefox-bin \u003c 38.7.0 \u003e= 38.7.0\n -------------------------------------------------------------------\n 6 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Firefox, NSS, NSPR,\nand Thunderbird. Please review the CVE identifiers referenced below for\ndetails. 
Furthermore, a remote attacker may be able\nto perform Man-in-the-Middle attacks, obtain sensitive information,\nspoof the address bar, conduct clickjacking attacks, bypass security\nrestrictions and protection mechanisms, or have other unspecified\nimpacts. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NSS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.22.2\"\n\nAll Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-client/thunderbird-38.7.0\"\n\nAll users of the Thunderbird binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-38.7.0\"\n\nAll Firefox 38.7.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-38.7.0\"\n\nAll users of the Firefox 38.7.x binary package should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-38.7.0\"\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201605-06\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: nss-util security update\nAdvisory ID: RHSA-2016:0370-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0370.html\nIssue date: 2016-03-09\nCVE Names: CVE-2016-1950 \n=====================================================================\n\n1. Summary:\n\nUpdated nss-util packages that fix one security issue are now available for\nRed Hat Enterprise 6 and 7. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. The nss-util package provides a set of utilities for NSS and\nthe Softoken module. \n\nA heap-based buffer overflow flaw was found in the way NSS parsed certain\nASN.1 structures. 
An attacker could use this flaw to create a specially\ncrafted certificate which, when parsed by NSS, could cause it to crash, or\nexecute arbitrary code, using the permissions of the user running an\napplication compiled against the NSS library. (CVE-2016-1950)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. \nUpstream acknowledges Francis Gabriel as the original reporter. \n\nAll nss-util users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the nss and nss-util library must be\nrestarted, or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nnss-util-3.19.1-5.el6_7.src.rpm\n\ni386:\nnss-util-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\n\nx86_64:\nnss-util-3.19.1-5.el6_7.i686.rpm\nnss-util-3.19.1-5.el6_7.x86_64.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-devel-3.19.1-5.el6_7.i686.rpm\n\nx86_64:\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm\nnss-util-devel-3.19.1-5.el6_7.i686.rpm\nnss-util-devel-3.19.1-5.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 
6):\n\nSource:\nnss-util-3.19.1-5.el6_7.src.rpm\n\nx86_64:\nnss-util-3.19.1-5.el6_7.i686.rpm\nnss-util-3.19.1-5.el6_7.x86_64.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm\nnss-util-devel-3.19.1-5.el6_7.i686.rpm\nnss-util-devel-3.19.1-5.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nnss-util-3.19.1-5.el6_7.src.rpm\n\ni386:\nnss-util-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-devel-3.19.1-5.el6_7.i686.rpm\n\nppc64:\nnss-util-3.19.1-5.el6_7.ppc.rpm\nnss-util-3.19.1-5.el6_7.ppc64.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.ppc.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.ppc64.rpm\nnss-util-devel-3.19.1-5.el6_7.ppc.rpm\nnss-util-devel-3.19.1-5.el6_7.ppc64.rpm\n\ns390x:\nnss-util-3.19.1-5.el6_7.s390.rpm\nnss-util-3.19.1-5.el6_7.s390x.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.s390.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.s390x.rpm\nnss-util-devel-3.19.1-5.el6_7.s390.rpm\nnss-util-devel-3.19.1-5.el6_7.s390x.rpm\n\nx86_64:\nnss-util-3.19.1-5.el6_7.i686.rpm\nnss-util-3.19.1-5.el6_7.x86_64.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm\nnss-util-devel-3.19.1-5.el6_7.i686.rpm\nnss-util-devel-3.19.1-5.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nnss-util-3.19.1-5.el6_7.src.rpm\n\ni386:\nnss-util-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-devel-3.19.1-5.el6_7.i686.rpm\n\nx86_64:\nnss-util-3.19.1-5.el6_7.i686.rpm\nnss-util-3.19.1-5.el6_7.x86_64.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.i686.rpm\nnss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm\nnss-util-devel-3.19.1-5.el6_7.i686.rpm\nnss-util-devel-3.19.1-5.el6_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 
7):\n\nSource:\nnss-util-3.19.1-9.el7_2.src.rpm\n\nx86_64:\nnss-util-3.19.1-9.el7_2.i686.rpm\nnss-util-3.19.1-9.el7_2.x86_64.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.i686.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nnss-util-debuginfo-3.19.1-9.el7_2.i686.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm\nnss-util-devel-3.19.1-9.el7_2.i686.rpm\nnss-util-devel-3.19.1-9.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nnss-util-3.19.1-9.el7_2.src.rpm\n\nx86_64:\nnss-util-3.19.1-9.el7_2.i686.rpm\nnss-util-3.19.1-9.el7_2.x86_64.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.i686.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nnss-util-debuginfo-3.19.1-9.el7_2.i686.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm\nnss-util-devel-3.19.1-9.el7_2.i686.rpm\nnss-util-devel-3.19.1-9.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nnss-util-3.19.1-9.el7_2.src.rpm\n\nppc64:\nnss-util-3.19.1-9.el7_2.ppc.rpm\nnss-util-3.19.1-9.el7_2.ppc64.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.ppc.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.ppc64.rpm\nnss-util-devel-3.19.1-9.el7_2.ppc.rpm\nnss-util-devel-3.19.1-9.el7_2.ppc64.rpm\n\nppc64le:\nnss-util-3.19.1-9.el7_2.ppc64le.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.ppc64le.rpm\nnss-util-devel-3.19.1-9.el7_2.ppc64le.rpm\n\ns390x:\nnss-util-3.19.1-9.el7_2.s390.rpm\nnss-util-3.19.1-9.el7_2.s390x.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.s390.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.s390x.rpm\nnss-util-devel-3.19.1-9.el7_2.s390.rpm\nnss-util-devel-3.19.1-9.el7_2.s390x.rpm\n\nx86_64:\nnss-util-3.19.1-9.el7_2.i686.rpm\nnss-util-3.19.1-9.el7_2.x86_64.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.i686.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm\nnss-util-devel-3.19.1-9.el7_2.i686.rpm\nnss-util-devel-3.19.1-9.el7_2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 
7):\n\nSource:\nnss-util-3.19.1-9.el7_2.src.rpm\n\nx86_64:\nnss-util-3.19.1-9.el7_2.i686.rpm\nnss-util-3.19.1-9.el7_2.x86_64.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.i686.rpm\nnss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm\nnss-util-devel-3.19.1-9.el7_2.i686.rpm\nnss-util-devel-3.19.1-9.el7_2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-1950\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-36\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW3580XlSAg2UNWIIRAovDAJwKx54WxiK95+n4U/9G+nDl0wRlYwCeM1lR\niGa2ZA5NBkpEYzNEuWdBT74=\n=dxl7\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2016-1950" }, { "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "db": "VULHUB", "id": "VHN-90769" }, { "db": "PACKETSTORM", "id": "139002" }, { "db": "PACKETSTORM", "id": "136344" }, { "db": "PACKETSTORM", "id": "136614" }, { "db": "PACKETSTORM", "id": "136152" }, { "db": "PACKETSTORM", "id": "136148" }, { "db": "PACKETSTORM", "id": "137239" }, { "db": "PACKETSTORM", "id": "136304" }, { "db": "PACKETSTORM", "id": "136131" } ], "trust": 2.43 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-90769", "trust": 0.1, "type": 
"unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-90769" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-1950", "trust": 3.3 }, { "db": "BID", "id": "84223", "trust": 1.7 }, { "db": "SECTRACK", "id": "1035215", "trust": 1.7 }, { "db": "JVN", "id": "JVNVU97668313", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-001841", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201603-136", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "136148", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136131", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136614", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136304", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136152", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136146", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136133", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136394", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136723", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-90769", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "139002", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "136344", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "137239", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-90769" }, { "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "db": "PACKETSTORM", "id": "139002" }, { "db": "PACKETSTORM", "id": "136344" }, { "db": "PACKETSTORM", "id": "136614" }, { "db": "PACKETSTORM", "id": "136152" }, { "db": "PACKETSTORM", "id": "136148" }, { "db": "PACKETSTORM", "id": "137239" }, { "db": "PACKETSTORM", "id": "136304" }, { "db": "PACKETSTORM", "id": "136131" }, { "db": "CNNVD", "id": "CNNVD-201603-136" }, { "db": "NVD", "id": "CVE-2016-1950" } ] }, "id": "VAR-201603-0244", "iot": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-90769" } ], "trust": 0.01 }, "last_update_date": "2024-11-29T21:28:51.380000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2016-03-21-1 iOS 9.3", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html" }, { "title": "APPLE-SA-2016-03-21-2 watchOS 2.2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html" }, { "title": "APPLE-SA-2016-03-21-3 tvOS 9.2", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html" }, { "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html" }, { "title": "HT206168", "trust": 0.8, "url": "https://support.apple.com/en-us/HT206168" }, { "title": "HT206169", "trust": 0.8, "url": "https://support.apple.com/en-us/HT206169" }, { "title": "HT206166", "trust": 0.8, "url": "https://support.apple.com/en-us/HT206166" }, { "title": "HT206167", "trust": 0.8, "url": "https://support.apple.com/en-us/HT206167" }, { "title": "HT206166", "trust": 0.8, "url": "http://support.apple.com/ja-jp/HT206166" }, { "title": "HT206167", "trust": 0.8, "url": "http://support.apple.com/ja-jp/HT206167" }, { "title": "HT206168", "trust": 0.8, "url": "http://support.apple.com/ja-jp/HT206168" }, { "title": "HT206169", "trust": 0.8, "url": "http://support.apple.com/ja-jp/HT206169" }, { "title": "NSS 3.19.2.3 release notes", "trust": 0.8, "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes" }, 
{ "title": "NSS 3.21.1 release notes", "trust": 0.8, "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes" }, { "title": "MFSA2016-35", "trust": 0.8, "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html" }, { "title": "MFSA2016-35", "trust": 0.8, "url": "http://www.mozilla-japan.org/security/announce/2016/mfsa2016-35.html" }, { "title": "openSUSE-SU-2016:1557", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" }, { "title": "Oracle Critical Patch Update Advisory - October 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html" }, { "title": "Oracle Linux Bulletin - January 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "title": "Oracle VM Server for x86 Bulletin - July 2016", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "title": "October 2016 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update" }, { "title": "Mozilla Firefox and Firefox ESR Network Security Services Fixes for heap-based buffer overflow vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60496" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "db": "CNNVD", "id": "CNNVD-201603-136" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-90769" 
}, { "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "db": "NVD", "id": "CVE-2016-1950" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "http://www.securityfocus.com/bid/84223" }, { "trust": 2.3, "url": "http://www.debian.org/security/2016/dsa-3510" }, { "trust": 2.3, "url": "http://www.debian.org/security/2016/dsa-3520" }, { "trust": 2.3, "url": "http://www.debian.org/security/2016/dsa-3688" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/201605-06" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2917-1" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2917-2" }, { "trust": 1.8, "url": "http://www.ubuntu.com/usn/usn-2924-1" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html" }, { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html" }, { "trust": 1.7, "url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "trust": 1.7, "url": "https://bto.bluecoat.com/security-advisory/sa119" }, { "trust": 
1.7, "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528" }, { "trust": 1.7, "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.2.3_release_notes" }, { "trust": 1.7, "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.21.1_release_notes" }, { "trust": 1.7, "url": "https://support.apple.com/ht206166" }, { "trust": 1.7, "url": "https://support.apple.com/ht206167" }, { "trust": 1.7, "url": "https://support.apple.com/ht206168" }, { "trust": 1.7, "url": "https://support.apple.com/ht206169" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2016-0495.html" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1035215" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-2917-3" }, { "trust": 1.7, "url": "http://www.ubuntu.com/usn/usn-2934-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1950" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu97668313/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1950" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1950" }, { "trust": 0.3, "url": "https://www.debian.org/security/faq" }, { "trust": 0.3, "url": "https://www.debian.org/security/" }, 
{ "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1966" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1957" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2795" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1974" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2794" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2798" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2796" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1961" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2797" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2793" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1954" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1964" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2799" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1960" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2800" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2801" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1962" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1965" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1958" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2791" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1977" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2792" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2802" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2834" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1979" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2016-1938" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7182" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1755" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659" }, { "trust": 0.1, "url": "https://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1753" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1750" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1784" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1752" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1775" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2016-1754" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1748" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1955" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1953" }, { "trust": 0.1, "url": "https://launchpad.net/bugs/1567671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1956" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.12.04.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1968" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1967" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.14.04.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1963" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1959" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/firefox/45.0.1+build1-0ubuntu0.15.10.2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1952" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.14.04.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.15.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.12.04.3" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1950" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4492" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1935" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7182" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1931" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1972" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1933" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4483" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4479" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1963" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1960" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4485" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1940" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1939" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7181" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2711" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1969" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4489" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4481" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2709" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4477" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1966" }, { "trust": 
0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1975" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1946" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2710" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2714" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1523" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4477" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-7183" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4483" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1959" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1948" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2716" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4480" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2712" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2712" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1977" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4479" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2792" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4486" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2800" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1930" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2715" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4487" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2708" }, { 
"trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1938" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1957" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4493" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4488" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1956" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4489" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1962" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2714" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2710" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1941" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1970" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1978" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2709" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2793" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1945" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4486" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4482" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1953" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4474" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4490" 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1958" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1961" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4482" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1968" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2799" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1947" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1967" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2791" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1964" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4484" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1937" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1943" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1965" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4487" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4490" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1955" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1976" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2794" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2795" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1973" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1952" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4491" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1971" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2708" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1974" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2797" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2798" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1944" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4481" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-2715" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-1949" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-2717" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2016-1950" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2016-0370.html" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2016-36" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-90769" }, { "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "db": "PACKETSTORM", "id": "139002" }, { "db": "PACKETSTORM", "id": "136344" }, { "db": "PACKETSTORM", "id": "136614" }, { "db": "PACKETSTORM", "id": "136152" }, { "db": "PACKETSTORM", "id": "136148" }, { "db": "PACKETSTORM", "id": "137239" }, { "db": "PACKETSTORM", "id": "136304" }, { "db": "PACKETSTORM", "id": "136131" }, { "db": "CNNVD", "id": "CNNVD-201603-136" }, { "db": "NVD", "id": "CVE-2016-1950" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-90769" }, { "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "db": "PACKETSTORM", "id": "139002" }, { "db": "PACKETSTORM", "id": "136344" }, { "db": "PACKETSTORM", "id": "136614" }, { "db": "PACKETSTORM", "id": "136152" }, { "db": "PACKETSTORM", "id": "136148" }, { "db": "PACKETSTORM", "id": "137239" }, { "db": "PACKETSTORM", "id": "136304" }, { "db": "PACKETSTORM", "id": "136131" }, { "db": "CNNVD", "id": "CNNVD-201603-136" }, { "db": "NVD", "id": "CVE-2016-1950" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-03-13T00:00:00", "db": "VULHUB", "id": "VHN-90769" }, { "date": "2016-03-24T00:00:00", 
"db": "JVNDB", "id": "JVNDB-2016-001841" }, { "date": "2016-10-06T20:59:47", "db": "PACKETSTORM", "id": "139002" }, { "date": "2016-03-22T15:12:44", "db": "PACKETSTORM", "id": "136344" }, { "date": "2016-04-08T22:04:38", "db": "PACKETSTORM", "id": "136614" }, { "date": "2016-03-10T14:57:09", "db": "PACKETSTORM", "id": "136152" }, { "date": "2016-03-10T14:56:40", "db": "PACKETSTORM", "id": "136148" }, { "date": "2016-05-31T13:33:03", "db": "PACKETSTORM", "id": "137239" }, { "date": "2016-03-19T15:55:00", "db": "PACKETSTORM", "id": "136304" }, { "date": "2016-03-09T15:25:30", "db": "PACKETSTORM", "id": "136131" }, { "date": "2016-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201603-136" }, { "date": "2016-03-13T18:59:00.193000", "db": "NVD", "id": "CVE-2016-1950" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-27T00:00:00", "db": "VULHUB", "id": "VHN-90769" }, { "date": "2016-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-001841" }, { "date": "2019-12-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201603-136" }, { "date": "2024-11-21T02:47:24.970000", "db": "NVD", "id": "CVE-2016-1950" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "136148" }, { "db": "PACKETSTORM", "id": "137239" }, { "db": "CNNVD", "id": "CNNVD-201603-136" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mozilla Firefox Used in Network Security Services Heap-based buffer overflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-001841" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201603-136" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.