FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

NSS -- multiple vulnerabilities

Affected packages
3.20 <= linux-c6-nss < 3.21.1
linux-c6-nss < 3.19.2.3
3.20 <= nss < 3.21.1
nss < 3.19.2.3
linux-firefox < 45.0,1
linux-thunderbird < 38.7.0
linux-seamonkey < 2.42

Details

VuXML ID c4292768-5273-4f17-a267-c5fe35125ce4
Discovery 2016-03-08
Entry 2016-03-08

Mozilla Foundation reports:

Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes.

References

CVE Name CVE-2016-1950
CVE Name CVE-2016-1979
URL https://hg.mozilla.org/projects/nss/rev/7033b1193c94
URL https://hg.mozilla.org/projects/nss/rev/b9a31471759d
URL https://www.mozilla.org/security/advisories/mfsa2016-35/
URL https://www.mozilla.org/security/advisories/mfsa2016-36/