Heap-based Buffer Overflow in Mozilla Firefox and NSS Products
CVE-2016-1950

8.8HIGH

Key Information:

Vendor

Mozilla
Status
Network Security Services
Firefox
Firefox Esr
Vendor
CVE Published:
13 March 2016

What is CVE-2016-1950?

A vulnerability exists in Mozilla Network Security Services (NSS) and Mozilla Firefox due to a heap-based buffer overflow. This flaw arises when the software improperly handles crafted ASN.1 data contained in X.509 certificates. Attackers can exploit this vulnerability remotely to execute arbitrary code, potentially leading to unauthorized system access and severe security breaches. It is crucial for users and administrators to apply the necessary updates and patches to mitigate this risk.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa119
x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3688
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.