Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2016-15
HistoryJan 26, 2016 - 12:00 a.m.

Use-after-free in NSS during SSL connections in low memory — Mozilla

2016-01-2600:00:00
Mozilla Foundation
www.mozilla.org
19

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.077 Low

EPSS

Percentile

94.1%

JSON

Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.

CPENameOperatorVersion
firefoxlt44
firefox esrlt38.8
nsslt3.19.2.4
nsslt3.21

Related

prion 1
cve 1
debiancve 1
openvas 29
veracode 1
f5 2
ubuntucve 1
ibm 8
nessus 26
redhat 3
symantec 1
oraclelinux 3
amazon 1
centos 3
freebsd 1
ubuntu 1
debian 2
osv 2
suse 4
gentoo 1
oracle 1
prion
prion
Design/Logic Flaw
2016-03-13 18:59:00
cve
cve
CVE-2016-1978
2016-03-13 18:59:00
debiancve
debiancve
CVE-2016-1978
2016-03-13 18:59:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2016-15) - Linux
2021-11-08 00:00:00
CentOS Update for nspr CESA-2016:0685 centos7
2016-04-26 00:00:00
RedHat Update for nss and nspr RHSA-2016:0684-01
2016-04-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:20
f5
f5
K37540306 : Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978
2016-11-15 00:00:00
SOL37540306 - Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978
2016-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2016-1978
2016-03-13 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2016-1978)
2023-02-18 01:45:50
Security Bulletin: Vulnerability in Network Security (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2016-1978)
2023-03-29 01:48:02
Security Bulletin: Vulnerabilities in Mozilla Firefox Network Security Services affect PowerKVM (CVE-2016-1978,CVE-2016-1979)
2018-06-18 01:32:18
nessus
nessus
CentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2016:0685)
2016-04-27 00:00:00
CentOS 6 : nspr / nss / nss-util (CESA-2016:0591)
2016-04-07 00:00:00
Scientific Linux Security Update : nss, nspr, nss-softokn, and nss-util on SL7.x x86_64 (20160425)
2016-04-27 00:00:00
redhat
redhat
(RHSA-2016:0591) Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
(RHSA-2016:0684) Moderate: nss and nspr security, bug fix, and enhancement update
2016-04-25 00:00:00
(RHSA-2016:0685) Moderate: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
2016-04-25 11:11:50
symantec
symantec
SA124 : NSS Vulnerabilities March 2016
2016-06-07 08:00:00
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2016-04-25 00:00:00
nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
2016-04-25 00:00:00
amazon
amazon
Medium: nspr, nss-util, nss, nss-softokn
2016-05-18 14:00:00
centos
centos
nspr, nss security update
2016-04-25 13:19:01
nspr, nss security update
2016-04-05 12:27:24
nspr, nss security update
2016-04-25 17:49:11
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-01-26 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2016-05-19 00:00:00
debian
debian
[SECURITY] [DLA 480-1] nss security update
2016-05-18 18:34:37
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
osv
osv
nss - security update
2016-05-18 00:00:00
nss - security update
2016-10-05 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2016-03-15 19:12:14
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2016-03-30 15:07:52
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2016-03-11 20:11:56
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.077 Low

EPSS

Percentile

94.1%

JSON
Related for MFSA2016-15
prion1cve1debiancve1openvas29veracode1f52ubuntucve1ibm8nessus26redhat3symantec1oraclelinux3amazon1centos3freebsd1ubuntu1debian2osv2suse4gentoo1oracle1