CVE-2016-1950

8.8HIGH

Key Information:

Vendor
Mozilla
Status
Network Security Services
Firefox
Firefox Esr
Vendor
CVE Published:
13 March 2016

Summary

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa119
x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3688
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.