CVE-2016-1950: Buffer Overflow
First published: Sun Mar 13 2016(Updated: )
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Mozilla NSS ESR | =3.19.2 | |
| Mozilla NSS ESR | =3.20 | |
| Mozilla NSS ESR | =3.20.1 | |
| Mozilla NSS ESR | =3.21 | |
| Any of | ||
| Firefox | <=44.0.2 | |
| Firefox | =38.0 | |
| Firefox | =38.0.1 | |
| Firefox | =38.0.5 | |
| Firefox | =38.1.0 | |
| Firefox | =38.1.1 | |
| Firefox | =38.2.0 | |
| Firefox | =38.2.1 | |
| Firefox | =38.3.0 | |
| Firefox | =38.4.0 | |
| Firefox | =38.5.0 | |
| Firefox | =38.5.1 | |
| Firefox | =38.6.0 | |
| Firefox | =38.6.1 | |
| Oracle Linux | =5.0 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| Oracle VM Server | =3.2 | |
| iStyle @cosme iPhone OS | <=9.2.1 | |
| Apple iOS and macOS | <=10.11.3 | |
| tvOS | <=9.1 | |
| Apple iOS, iPadOS, and watchOS | <=2.1 | |
| GlassFish | =2.1.1 | |
| Oracle iPlanet Web Proxy Server | =4.0 | |
| Sun iPlanet Web Server | =7.0 | |
| SUSE Linux | =13.1 | |
| Mozilla NSS ESR | =3.19.2 | |
| Mozilla NSS ESR | =3.20 | |
| Mozilla NSS ESR | =3.20.1 | |
| Mozilla NSS ESR | =3.21 | |
| Firefox | <=44.0.2 | |
| Firefox ESR | =38.0 | |
| Firefox ESR | =38.0.1 | |
| Firefox ESR | =38.0.5 | |
| Firefox ESR | =38.1.0 | |
| Firefox ESR | =38.1.1 | |
| Firefox ESR | =38.2.0 | |
| Firefox ESR | =38.2.1 | |
| Firefox ESR | =38.3.0 | |
| Firefox ESR | =38.4.0 | |
| Firefox ESR | =38.5.0 | |
| Firefox ESR | =38.5.1 | |
| Firefox ESR | =38.6.0 | |
| Firefox ESR | =38.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2016-0495.html
- http://www.debian.org/security/2016/dsa-3510
- http://www.debian.org/security/2016/dsa-3520
- http://www.debian.org/security/2016/dsa-3688
- http://www.mozilla.org/security/announce/2016/mfsa2016-35.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/84223
- http://www.securitytracker.com/id/1035215
- http://www.ubuntu.com/usn/USN-2917-1
- http://www.ubuntu.com/usn/USN-2917-2
- http://www.ubuntu.com/usn/USN-2917-3
- http://www.ubuntu.com/usn/USN-2924-1
- http://www.ubuntu.com/usn/USN-2934-1
- https://bto.bluecoat.com/security-advisory/sa119
- https://bugzilla.mozilla.org/show_bug.cgi?id=1245528
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes
- https://security.gentoo.org/glsa/201605-06
- https://support.apple.com/HT206166
- https://support.apple.com/HT206167
- https://support.apple.com/HT206168
- https://support.apple.com/HT206169
Frequently Asked Questions
Is there an exploit for CVE-2016-1950?
Yes, CVE-2016-1950 has known exploits that target crafted ASN.1 data in X.509 certificates.
- agent/type
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/author
- agent/last-modified-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/mozilla nss esr
- version/mozilla nss esr/3.19.2
- version/mozilla nss esr/3.20
- version/mozilla nss esr/3.20.1
- version/mozilla nss esr/3.21
- canonical/firefox
- version/firefox/44.0.2
- version/firefox/38.0
- version/firefox/38.0.1
- version/firefox/38.0.5
- version/firefox/38.1.0
- version/firefox/38.1.1
- version/firefox/38.2.0
- version/firefox/38.2.1
- version/firefox/38.3.0
- version/firefox/38.4.0
- version/firefox/38.5.0
- version/firefox/38.5.1
- version/firefox/38.6.0
- version/firefox/38.6.1
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/5.0
- version/oracle linux/6
- version/oracle linux/7
- canonical/oracle vm server
- version/oracle vm server/3.2
- vendor/apple
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/9.2.1
- canonical/apple ios and macos
- version/apple ios and macos/10.11.3
- canonical/tvos
- version/tvos/9.1
- canonical/apple ios, ipados, and watchos
- version/apple ios, ipados, and watchos/2.1
- canonical/glassfish
- version/glassfish/2.1.1
- canonical/oracle iplanet web proxy server
- version/oracle iplanet web proxy server/4.0
- canonical/sun iplanet web server
- version/sun iplanet web server/7.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/13.1
- canonical/firefox esr
- version/firefox esr/38.0
- version/firefox esr/38.0.1
- version/firefox esr/38.0.5
- version/firefox esr/38.1.0
- version/firefox esr/38.1.1
- version/firefox esr/38.2.0
- version/firefox esr/38.2.1
- version/firefox esr/38.3.0
- version/firefox esr/38.4.0
- version/firefox esr/38.5.0
- version/firefox esr/38.5.1
- version/firefox esr/38.6.0
- version/firefox esr/38.6.1