CVE-2016-1938

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
opensuseleap
42.1
opensuseopensuse
13.1
opensuseopensuse
13.2
mozillanss
𝑥
≤ 3.20.1
mozillafirefox
𝑥
≤ 43.0.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nss
bookworm
2:3.87.1-1
fixed
bullseye
2:3.61-1+deb11u3
fixed
bullseye (security)
2:3.61-1+deb11u4
fixed
jessie
not-affected
sid
2:3.105-2
fixed
squeeze
not-affected
trixie
2:3.105-2
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
precise
Fixed 44.0+build3-0ubuntu0.12.04.1
released
trusty
Fixed 44.0+build3-0ubuntu0.14.04.1
released
vivid
Fixed 44.0+build3-0ubuntu0.15.04.1
released
wily
Fixed 44.0+build3-0ubuntu0.15.10.1
released
xenial
Fixed 44.0+build3-0ubuntu1
released
yakkety
Fixed 44.0+build3-0ubuntu1
released
zesty
Fixed 44.0+build3-0ubuntu1
released
nss
precise
Fixed 2:3.21-0ubuntu0.12.04.1
released
trusty
Fixed 2:3.21-0ubuntu0.14.04.1
released
vivid
ignored
wily
Fixed 2:3.21-0ubuntu0.15.10.1
released
xenial
not-affected
yakkety
not-affected
zesty
not-affected
thunderbird
precise
Fixed 1:38.8.0+build1-0ubuntu0.12.04.1
released
trusty
Fixed 1:38.8.0+build1-0ubuntu0.14.04.1
released
vivid
ignored
wily
Fixed 1:38.8.0+build1-0ubuntu0.15.10.1
released
xenial
Fixed 1:38.8.0+build1-0ubuntu0.16.04.1
released
yakkety
Fixed 1:38.8.0+build1-0ubuntu1
released
zesty
Fixed 1:38.8.0+build1-0ubuntu1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
MozillaFirefox
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise desktop 15 SP1
60.6.2-3.32.1
fixed
suse enterprise desktop 15 SP2
68.8.0-3.87.1
fixed
suse enterprise desktop 15 SP3
78.10.0-8.38.1
fixed
suse enterprise desktop 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise desktop 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise desktop 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise desktop 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise sap 15 SP1
60.6.2-3.32.1
fixed
suse enterprise sap 15 SP2
68.8.0-3.87.1
fixed
suse enterprise sap 15 SP3
78.10.0-8.38.1
fixed
suse enterprise sap 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise sap 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise sap 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise sap 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
suse enterprise server 15 SP1
60.6.2-3.32.1
fixed
suse enterprise server 15 SP2
68.8.0-3.87.1
fixed
suse enterprise server 15 SP3
78.10.0-8.38.1
fixed
suse enterprise server 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise server 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise server 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise server 15 SP7
128.9.0-150200.152.176.1
fixed
MozillaFirefox-branding-SLE
suse enterprise sap 12
31.0-20.1
fixed
suse enterprise sap 12 SP1
31.0-20.1
fixed
suse enterprise server 12
31.0-20.1
fixed
suse enterprise server 12 SP1
31.0-20.1
fixed
MozillaFirefox-devel
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise desktop 15 SP1
60.6.2-3.32.1
fixed
suse enterprise desktop 15 SP2
68.8.0-3.87.1
fixed
suse enterprise desktop 15 SP3
78.10.0-8.38.1
fixed
suse enterprise desktop 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise desktop 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise desktop 15 SP6
102.12.0-150200.152.90.1
fixed
suse enterprise desktop 15 SP7
102.12.0-150200.152.90.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise sap 15 SP1
60.6.2-3.32.1
fixed
suse enterprise sap 15 SP2
68.8.0-3.87.1
fixed
suse enterprise sap 15 SP3
78.10.0-8.38.1
fixed
suse enterprise sap 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise sap 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise sap 15 SP6
102.12.0-150200.152.90.1
fixed
suse enterprise sap 15 SP7
102.12.0-150200.152.90.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
suse enterprise server 15 SP1
60.6.2-3.32.1
fixed
suse enterprise server 15 SP2
68.8.0-3.87.1
fixed
suse enterprise server 15 SP3
78.10.0-8.38.1
fixed
suse enterprise server 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise server 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise server 15 SP6
102.12.0-150200.152.90.1
fixed
suse enterprise server 15 SP7
102.12.0-150200.152.90.1
fixed
MozillaFirefox-translations-common
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise desktop 15 SP1
60.6.2-3.32.1
fixed
suse enterprise desktop 15 SP2
68.8.0-3.87.1
fixed
suse enterprise desktop 15 SP3
78.10.0-8.38.1
fixed
suse enterprise desktop 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise desktop 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise desktop 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise desktop 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise sap 15 SP1
60.6.2-3.32.1
fixed
suse enterprise sap 15 SP2
68.8.0-3.87.1
fixed
suse enterprise sap 15 SP3
78.10.0-8.38.1
fixed
suse enterprise sap 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise sap 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise sap 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise sap 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
suse enterprise server 15 SP1
60.6.2-3.32.1
fixed
suse enterprise server 15 SP2
68.8.0-3.87.1
fixed
suse enterprise server 15 SP3
78.10.0-8.38.1
fixed
suse enterprise server 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise server 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise server 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise server 15 SP7
128.9.0-150200.152.176.1
fixed
MozillaFirefox-translations-other
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise desktop 15 SP1
60.6.2-3.32.1
fixed
suse enterprise desktop 15 SP2
68.8.0-3.87.1
fixed
suse enterprise desktop 15 SP3
78.10.0-8.38.1
fixed
suse enterprise desktop 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise desktop 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise desktop 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise desktop 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise sap 15 SP1
60.6.2-3.32.1
fixed
suse enterprise sap 15 SP2
68.8.0-3.87.1
fixed
suse enterprise sap 15 SP3
78.10.0-8.38.1
fixed
suse enterprise sap 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise sap 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise sap 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise sap 15 SP7
128.9.0-150200.152.176.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
suse enterprise server 15 SP1
60.6.2-3.32.1
fixed
suse enterprise server 15 SP2
68.8.0-3.87.1
fixed
suse enterprise server 15 SP3
78.10.0-8.38.1
fixed
suse enterprise server 15 SP4
91.8.0-150200.152.26.1
fixed
suse enterprise server 15 SP5
102.11.0-150200.152.87.1
fixed
suse enterprise server 15 SP6
115.10.0-150200.152.134.1
fixed
suse enterprise server 15 SP7
128.9.0-150200.152.176.1
fixed
libfreebl3
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
libfreebl3-32bit
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
libfreebl3-hmac
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
libfreebl3-hmac-32bit
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
libsoftokn3
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
libsoftokn3-32bit
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
libsoftokn3-hmac
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
libsoftokn3-hmac-32bit
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
mozilla-nss
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
mozilla-nss-32bit
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
mozilla-nss-certs
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
mozilla-nss-certs-32bit
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
mozilla-nss-sysinit
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
mozilla-nss-sysinit-32bit
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
mozilla-nss-tools
suse enterprise sap 12
3.20.2-37.1
fixed
suse enterprise sap 12 SP1
3.20.2-37.1
fixed
suse enterprise sap 12 SP5
3.45-58.31.1
fixed
suse enterprise server 12
3.20.2-37.1
fixed
suse enterprise server 12 SP1
3.20.2-37.1
fixed
suse enterprise server 12 SP5
3.45-58.31.1
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html
http://www.debian.org/security/2016/dsa-3688
http://www.mozilla.org/security/announce/2016/mfsa2016-07.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/81955
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
http://www.ubuntu.com/usn/USN-2903-1
http://www.ubuntu.com/usn/USN-2903-2
http://www.ubuntu.com/usn/USN-2973-1
https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248
https://bugzilla.mozilla.org/show_bug.cgi?id=1194947
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c
https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c
https://security.gentoo.org/glsa/201605-06
https://security.gentoo.org/glsa/201701-46
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html
http://www.debian.org/security/2016/dsa-3688
http://www.mozilla.org/security/announce/2016/mfsa2016-07.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/81955
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1034825
http://www.ubuntu.com/usn/USN-2880-1
http://www.ubuntu.com/usn/USN-2880-2
http://www.ubuntu.com/usn/USN-2903-1
http://www.ubuntu.com/usn/USN-2903-2
http://www.ubuntu.com/usn/USN-2973-1
https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248
https://bugzilla.mozilla.org/show_bug.cgi?id=1194947
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c
https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c
https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c
https://security.gentoo.org/glsa/201605-06
https://security.gentoo.org/glsa/201701-46