CVE-2016-1938

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Severity: MEDIUM
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Atk. Vector: NETWORK
Atk. Complexity: LOW
Priv. Required: NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Vendor    Product   Version
opensuse  leap      42.1
opensuse  opensuse  13.1
opensuse  opensuse  13.2
mozilla   nss       𝑥 ≤ 3.20.1
mozilla   firefox   𝑥 ≤ 43.0.4
𝑥 = Vulnerable software versions
Debian Releases

Product  Codename             Version            Status
nss      bullseye             2:3.61-1+deb11u3   fixed
nss      jessie               -                  not-affected
nss      wheezy               -                  not-affected
nss      squeeze              -                  not-affected
nss      bullseye (security)  2:3.61-1+deb11u4   fixed
nss      bookworm             2:3.87.1-1         fixed
nss      sid                  2:3.105-2          fixed
nss      trixie               2:3.105-2          fixed
Ubuntu Releases

Product      Codename  Fixed version                        Status
firefox      zesty     44.0+build3-0ubuntu1                 released
firefox      yakkety   44.0+build3-0ubuntu1                 released
firefox      xenial    44.0+build3-0ubuntu1                 released
firefox      wily      44.0+build3-0ubuntu0.15.10.1         released
firefox      vivid     44.0+build3-0ubuntu0.15.04.1         released
firefox      trusty    44.0+build3-0ubuntu0.14.04.1         released
firefox      precise   44.0+build3-0ubuntu0.12.04.1         released
nss          zesty     -                                    not-affected
nss          yakkety   -                                    not-affected
nss          xenial    -                                    not-affected
nss          wily      2:3.21-0ubuntu0.15.10.1              released
nss          vivid     -                                    ignored
nss          trusty    2:3.21-0ubuntu0.14.04.1              released
nss          precise   2:3.21-0ubuntu0.12.04.1              released
thunderbird  zesty     1:38.8.0+build1-0ubuntu1             released
thunderbird  yakkety   1:38.8.0+build1-0ubuntu1             released
thunderbird  xenial    1:38.8.0+build1-0ubuntu0.16.04.1     released
thunderbird  wily      1:38.8.0+build1-0ubuntu0.15.10.1     released
thunderbird  vivid     -                                    ignored
thunderbird  trusty    1:38.8.0+build1-0ubuntu0.14.04.1     released
thunderbird  precise   1:38.8.0+build1-0ubuntu0.12.04.1     released
Common Weakness Enumeration
References