Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2016-15
HistoryJan 26, 2016 - 12:00 a.m.

Use-after-free in NSS during SSL connections in low memory — Mozilla

2016-01-2600:00:00
Mozilla Foundation
www.mozilla.org
21

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.077 Low

EPSS

Percentile

94.2%

JSON

Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.

Affected configurations

Vulners
Node
mozillafirefoxRange<44
OR
mozillafirefox_esrRange<38.8
OR
mozillanssRange<3.19.2.4
OR
mozillanssRange<3.21
CPENameOperatorVersion
firefoxlt44
firefox esrlt38.8
nsslt3.19.2.4
nsslt3.21

Related

veracode 1
f5 2
ubuntucve 1
ibm 8
prion 1
cve 1
cvelist 1
debiancve 1
openvas 29
nvd 1
oraclelinux 3
centos 3
nessus 26
amazon 1
redhat 3
freebsd 1
symantec 1
ubuntu 1
debian 2
osv 2
suse 4
gentoo 1
oracle 1
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:11:20
f5
f5
K37540306 : Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978
2016-11-15 00:00:00
SOL37540306 - Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978
2016-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2016-1978
2016-03-13 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Network Security Services (NSS) affect the IBM FlashSystem models 840 and 900 (CVE-2016-1978)
2023-02-18 01:45:50
Security Bulletin: Vulnerability in Network Security (NSS) affects IBM SAN Volume Controller and Storwize Family (CVE-2016-1978)
2023-03-29 01:48:02
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in nss, nss-util, and nspr (CVE-2016-1978, CVE-2016-1979)
2018-06-16 21:44:35
prion
prion
Design/Logic Flaw
2016-03-13 18:59:00
cve
cve
CVE-2016-1978
2016-03-13 18:59:27
cvelist
cvelist
CVE-2016-1978
2016-03-13 18:00:00
debiancve
debiancve
CVE-2016-1978
2016-03-13 18:59:27
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2016-15) - Linux
2021-11-08 00:00:00
CentOS Update for nss-softokn CESA-2016:0685 centos7
2016-04-26 00:00:00
Oracle: Security Advisory (ELSA-2016-0684)
2016-05-09 00:00:00
nvd
nvd
CVE-2016-1978
2016-03-13 18:59:27
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2016-04-25 00:00:00
nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
2016-04-25 00:00:00
nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
centos
centos
nspr, nss security update
2016-04-25 13:19:01
nspr, nss security update
2016-04-05 12:27:24
nspr, nss security update
2016-04-25 17:49:11
nessus
nessus
Oracle Linux 6 : nspr / nss / nss-util (ELSA-2016-0591)
2016-04-07 00:00:00
FreeBSD : NSS -- multiple vulnerabilities (75091516-6f4b-4059-9884-6727023dc366)
2016-03-09 00:00:00
Amazon Linux AMI : nspr / nss-util,nss,nss-softokn (ALAS-2016-702)
2016-05-19 00:00:00
amazon
amazon
Medium: nspr, nss-util, nss, nss-softokn
2016-05-18 14:00:00
redhat
redhat
(RHSA-2016:0684) Moderate: nss and nspr security, bug fix, and enhancement update
2016-04-25 00:00:00
(RHSA-2016:0685) Moderate: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
2016-04-25 11:11:50
(RHSA-2016:0591) Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-01-26 00:00:00
symantec
symantec
SA124 : NSS Vulnerabilities March 2016
2016-06-07 08:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2016-05-19 00:00:00
debian
debian
[SECURITY] [DLA 480-1] nss security update
2016-05-18 18:34:37
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
osv
osv
nss - security update
2016-05-18 00:00:00
nss - security update
2016-10-05 00:00:00
suse
suse
Security update for MozillaFirefox (important)
2016-03-18 18:12:42
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2016-03-30 15:07:52
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2016-03-11 20:11:56
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2016-05-31 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.077 Low

EPSS

Percentile

94.2%

JSON
Related for MFSA2016-15
veracode1f52ubuntucve1ibm8prion1cve1cvelist1debiancve1openvas29nvd1oraclelinux3centos3nessus26amazon1redhat3freebsd1symantec1ubuntu1debian2osv2suse4gentoo1oracle1