Launchpad CVE tracker

CVE 2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
CONFIRM: https://developer.mozi...
CONFIRM: https://developer.mozi...
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2016-03-21-1
APPLE: APPLE-SA-2016-03-21-2
APPLE: APPLE-SA-2016-03-21-3
APPLE: APPLE-SA-2016-03-21-5
SUSE: openSUSE-SU-2016:1557
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 84223
GENTOO: GLSA-201605-06
CONFIRM: https://bto.bluecoat.c...
DEBIAN: DSA-3510
DEBIAN: DSA-3520
REDHAT: RHSA-2016:0495
SUSE: SUSE-SU-2016:0909
SUSE: SUSE-SU-2016:0727
SUSE: SUSE-SU-2016:0777
SUSE: openSUSE-SU-2016:0731
SUSE: openSUSE-SU-2016:0733
SUSE: SUSE-SU-2016:0820
UBUNTU: USN-2917-2
UBUNTU: USN-2917-3
UBUNTU: USN-2934-1
UBUNTU: USN-2917-1
UBUNTU: USN-2924-1
SECTRACK: 1035215
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3688

Launchpad.net

CVE 2016-1950

Related bugs

References