FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

NSS -- multiple vulnerabilities

Affected packages
linux-c6-nss < 3.21
nss < 3.21
linux-firefox < 44.0,1
linux-seamonkey < 2.41

Details

VuXML ID 75091516-6f4b-4059-9884-6727023dc366
Discovery 2016-01-26
Entry 2016-03-08

Mozilla Foundation reports:

Security researcher Hanno Böck reported that calculations with mp_div and mp_exptmod in Network Security Services (NSS) can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to potential cryptographic weaknesses.

[source]

Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.

[source]

References

CVE Name CVE-2016-1938
CVE Name CVE-2016-1978
URL https://hg.mozilla.org/projects/nss/rev/a245a4ccd354
URL https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
URL https://www.mozilla.org/security/advisories/mfsa2016-07/
URL https://www.mozilla.org/security/advisories/mfsa2016-15/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.