FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

NSS -- multiple vulnerabilities

Affected packages
3.20 <= nss < 3.21.1
nss < 3.19.2.3
3.20 <= linux-c6-nss < 3.21.0_1
linux-c6-nss < 3.19.2.3
linux-firefox < 45.0,1
linux-thunderbird < 38.7.0
linux-seamonkey < 2.42

Details

VuXML ID c4292768-5273-4f17-a267-c5fe35125ce4
Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-09-05

Mozilla Foundation reports:

Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.

[source]

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes.

[source]

References

CVE Name CVE-2016-1950
CVE Name CVE-2016-1979
URL https://hg.mozilla.org/projects/nss/rev/7033b1193c94
URL https://hg.mozilla.org/projects/nss/rev/b9a31471759d
URL https://www.mozilla.org/security/advisories/mfsa2016-35/
URL https://www.mozilla.org/security/advisories/mfsa2016-36/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.