Vulnerabilities > CVE-2016-1978 - Remote Code Execution vulnerability in Mozilla Firefox and Network Security Services

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mozilla
nessus

Summary

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>

Vulnerable Configurations

Part Description Count
Application
Mozilla
397

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160425_NSS__NSPR__NSS_SOFTOKN__AND_NSS_UTIL_ON_SL7_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Bug Fix(es) : - The nss-softokn package has been updated to be compatible with NSS 3.21.
    last seen2020-03-18
    modified2016-04-27
    plugin id90751
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90751
    titleScientific Linux Security Update : nss, nspr, nss-softokn, and nss-util on SL7.x x86_64 (20160425)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90751);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2016-1978", "CVE-2016-1979");
    
      script_name(english:"Scientific Linux Security Update : nss, nspr, nss-softokn, and nss-util on SL7.x x86_64 (20160425)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following packages have been upgraded to a newer upstream version:
    nss (3.21.0), nss-util (3.21.0), nspr (4.11.0).
    
    Security Fix(es) :
    
      - A use-after-free flaw was found in the way NSS handled
        DHE (DiffieHellman key exchange) and ECDHE (Elliptic
        Curve Diffie-Hellman key exchange) handshake messages. A
        remote attacker could send a specially crafted handshake
        message that, when parsed by an application linked
        against NSS, would cause that application to crash or,
        under certain special conditions, execute arbitrary code
        using the permissions of the user running the
        application. (CVE-2016-1978)
    
      - A use-after-free flaw was found in the way NSS processed
        certain DER (Distinguished Encoding Rules) encoded
        cryptographic keys. An attacker could use this flaw to
        create a specially crafted DER encoded certificate
        which, when parsed by an application compiled against
        the NSS library, could cause that application to crash,
        or execute arbitrary code using the permissions of the
        user running the application. (CVE-2016-1979)
    
    Bug Fix(es) :
    
      - The nss-softokn package has been updated to be
        compatible with NSS 3.21."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=14559
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?81f22e3c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nspr-4.11.0-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nspr-debuginfo-4.11.0-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nspr-devel-4.11.0-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-debuginfo-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-devel-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-debuginfo-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-devel-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-freebl-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-sysinit-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-tools-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-3.21.0-2.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-debuginfo-3.21.0-2.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-devel-3.21.0-2.2.el7_2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nspr-debuginfo / nspr-devel / nss / nss-debuginfo / etc");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_750915166F4B405998846727023DC366.NASL
    descriptionMozilla Foundation reports : Security researcher Hanno Bock reported that calculations with mp_div and mp_exptmod in Network Security Services (NSS) can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to potential cryptographic weaknesses. Mozilla developer Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id89766
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89766
    titleFreeBSD : NSS -- multiple vulnerabilities (75091516-6f4b-4059-9884-6727023dc366)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89766);
      script_version("2.10");
      script_cvs_date("Date: 2018/11/21 10:46:31");
    
      script_cve_id("CVE-2016-1938", "CVE-2016-1978");
    
      script_name(english:"FreeBSD : NSS -- multiple vulnerabilities (75091516-6f4b-4059-9884-6727023dc366)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla Foundation reports :
    
    Security researcher Hanno Bock reported that calculations with mp_div
    and mp_exptmod in Network Security Services (NSS) can produce wrong
    results in some circumstances. These functions are used within NSS for
    a variety of cryptographic division functions, leading to potential
    cryptographic weaknesses.
    
    Mozilla developer Eric Rescorla reported that a failed allocation
    during DHE and ECDHE handshakes would lead to a use-after-free
    vulnerability."
      );
      # https://www.mozilla.org/security/advisories/mfsa2016-07/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/"
      );
      # https://www.mozilla.org/security/advisories/mfsa2016-15/
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://hg.mozilla.org/projects/nss/rev/a245a4ccd354"
      );
      # https://vuxml.freebsd.org/freebsd/75091516-6f4b-4059-9884-6727023dc366.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?71716e32"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c6-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-firefox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-seamonkey");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:nss");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"nss<3.21")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-c6-nss<3.21")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-firefox<44.0,1")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-seamonkey<2.41")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0591.NASL
    descriptionFrom Red Hat Security Advisory 2016:0591 : An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90383
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90383
    titleOracle Linux 6 : nspr / nss / nss-util (ELSA-2016-0591)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:0591 and 
    # Oracle Linux Security Advisory ELSA-2016-0591 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90383);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-1978", "CVE-2016-1979");
      script_xref(name:"RHSA", value:"2016:0591");
    
      script_name(english:"Oracle Linux 6 : nspr / nss / nss-util (ELSA-2016-0591)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:0591 :
    
    An update for nss, nss-util, and nspr is now available for Red Hat
    Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Network Security Services (NSS) is a set of libraries designed to
    support the cross-platform development of security-enabled client and
    server applications. The nss-util packages provide utilities for use
    with the Network Security Services (NSS) libraries. Netscape Portable
    Runtime (NSPR) provides platform independence for non-GUI operating
    system facilities.
    
    The following packages have been upgraded to a newer upstream version:
    nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874,
    BZ#1299861)
    
    Security Fix(es) :
    
    * A use-after-free flaw was found in the way NSS handled DHE
    (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman
    key exchange) handshake messages. A remote attacker could send a
    specially crafted handshake message that, when parsed by an
    application linked against NSS, would cause that application to crash
    or, under certain special conditions, execute arbitrary code using the
    permissions of the user running the application. (CVE-2016-1978)
    
    * A use-after-free flaw was found in the way NSS processed certain DER
    (Distinguished Encoding Rules) encoded cryptographic keys. An attacker
    could use this flaw to create a specially crafted DER encoded
    certificate which, when parsed by an application compiled against the
    NSS library, could cause that application to crash, or execute
    arbitrary code using the permissions of the user running the
    application. (CVE-2016-1979)
    
    Red Hat would like to thank the Mozilla Project for reporting these
    issues. Upstream acknowledges Eric Rescorla as the original reporter
    of CVE-2016-1978; and Tim Taubert as the original reporter of
    CVE-2016-1979."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-April/005940.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nspr, nss and / or nss-util packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"nspr-4.11.0-0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nspr-devel-4.11.0-0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-devel-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-pkcs11-devel-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-sysinit-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-tools-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-util-3.21.0-0.3.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-util-devel-3.21.0-0.3.el6_7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nspr-devel / nss / nss-devel / nss-pkcs11-devel / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-702.NASL
    descriptionA use-after-free flaw was found in the way NSS handled DHE (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen2020-06-01
    modified2020-06-02
    plugin id91240
    published2016-05-19
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91240
    titleAmazon Linux AMI : nspr / nss-util,nss,nss-softokn (ALAS-2016-702)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-702.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91240);
      script_version("2.4");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-1978", "CVE-2016-1979");
      script_xref(name:"ALAS", value:"2016-702");
    
      script_name(english:"Amazon Linux AMI : nspr / nss-util,nss,nss-softokn (ALAS-2016-702)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A use-after-free flaw was found in the way NSS handled DHE
    (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman
    key exchange) handshake messages. A remote attacker could send a
    specially crafted handshake message that, when parsed by an
    application linked against NSS, would cause that application to crash
    or, under certain special conditions, execute arbitrary code using the
    permissions of the user running the application. (CVE-2016-1978)
    
    A use-after-free flaw was found in the way NSS processed certain DER
    (Distinguished Encoding Rules) encoded cryptographic keys. An attacker
    could use this flaw to create a specially crafted DER encoded
    certificate which, when parsed by an application compiled against the
    NSS library, could cause that application to crash, or execute
    arbitrary code using the permissions of the user running the
    application. (CVE-2016-1979)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-702.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update nspr' to update your system.
    
    Run 'yum update nss-util' to update your system.
    
    Run 'yum update nss' to update your system.
    
    Run 'yum update nss-softokn' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"nspr-4.11.0-1.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nspr-debuginfo-4.11.0-1.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nspr-devel-4.11.0-1.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-debuginfo-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-devel-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-pkcs11-devel-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-debuginfo-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-devel-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-freebl-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-freebl-devel-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-sysinit-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-tools-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-3.21.0-2.2.50.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-debuginfo-3.21.0-2.2.50.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-devel-3.21.0-2.2.50.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nspr-debuginfo / nspr-devel / nss / nss-debuginfo / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0591.NASL
    descriptionAn update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90367
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90367
    titleCentOS 6 : nspr / nss / nss-util (CESA-2016:0591)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0591.NASL
    descriptionAn update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90386
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90386
    titleRHEL 6 : nss, nss-util, and nspr (RHSA-2016:0591)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0684.NASL
    descriptionFrom Red Hat Security Advisory 2016:0684 : An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90745
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90745
    titleOracle Linux 5 : nspr / nss (ELSA-2016-0684)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0684.NASL
    descriptionAn update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90748
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90748
    titleRHEL 5 : nss and nspr (RHSA-2016:0684)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_44.NASL
    descriptionThe version of Firefox installed on the remote Mac OS X host is prior to 44. It is, therefore, affected by the following vulnerabilities : - A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208) - Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930, CVE-2016-1931) - An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933) - A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935) - A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937) - A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with
    last seen2020-06-01
    modified2020-06-02
    plugin id88459
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88459
    titleFirefox < 44 Multiple Vulnerabilities (Mac OS X)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0684.NASL
    descriptionAn update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90721
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90721
    titleCentOS 5 : nspr / nss (CESA-2016:0684)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0685.NASL
    descriptionAn update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen2020-06-01
    modified2020-06-02
    plugin id90722
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90722
    titleCentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2016:0685)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3688.NASL
    descriptionSeveral vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. - CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS). - CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution. - CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections. - CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue. - CVE-2016-1978 Eric Rescorla discovered a use-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences. - CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact. - CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS. In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges. This update contains further correctness and stability fixes without immediate security impact.
    last seen2020-06-01
    modified2020-06-02
    plugin id93871
    published2016-10-06
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93871
    titleDebian DSA-3688-1 : nss - security update (Logjam) (SLOTH)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0727-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89929
    published2016-03-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89929
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0727-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0777-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. - MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. - MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. - MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. - MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. - MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. - MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes - Enable atomic instructions on mips (bmo#1129878) - Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89990
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89990
    titleSUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0777-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0685.NASL
    descriptionFrom Red Hat Security Advisory 2016:0685 : An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen2020-06-01
    modified2020-06-02
    plugin id90746
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90746
    titleOracle Linux 7 : nspr / nss / nss-softokn / nss-util (ELSA-2016-0685)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160405_NSS__NSS_UTIL__AND_NSPR_ON_SL6_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie- Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen2020-03-18
    modified2016-04-07
    plugin id90392
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90392
    titleScientific Linux Security Update : nss, nss-util, and nspr on SL6.x i386/x86_64 (20160405)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1017.NASL
    descriptionAccording to the versions of the nss nspr nss-softokn nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.(CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99780
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99780
    titleChecks the rpm output for the updated packages.
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0685.NASL
    descriptionAn update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen2020-06-01
    modified2020-06-02
    plugin id90749
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90749
    titleRHEL 7 : nss, nspr, nss-softokn, and nss-util (RHSA-2016:0685)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0820-1.NASL
    descriptionMozilla Firefox was updated to 38.7.0 ESR, fixing the following security issues : MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-20/CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing MFSA 2016-21/CVE-2016-1958: Displayed page address can be overridden MFSA 2016-23/CVE-2016-1960: Use-after-free in HTML5 string parser MFSA 2016-24/CVE-2016-1961: Use-after-free in SetBody MFSA 2016-25/CVE-2016-1962: Use-after-free when using multiple WebRTC data channels MFSA 2016-27/CVE-2016-1964: Use-after-free during XML transformations MFSA 2016-28/CVE-2016-1965: Addressbar spoofing though history navigation and Location protocol property MFSA 2016-31/CVE-2016-1966: Memory corruption with malicious NPAPI plugin MFSA 2016-34/CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802: Font vulnerabilities in the Graphite 2 library. Mozilla NSPR was updated to version 4.12, fixing following bugs : Added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. Fixed a memory allocation bug related to the PR_*printf functions Exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 Several minor correctness and compatibility fixes. Mozilla NSS was updated to fix security issues : MFSA 2016-15/CVE-2016-1978: Use-after-free in NSS during SSL connections in low memory MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-36/CVE-2016-1979: Use-after-free during processing of DER encoded keys in NSS. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90065
    published2016-03-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90065
    titleSUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201605-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91379
    published2016-05-31
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91379
    titleGLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-480.NASL
    descriptionThis security update fixes serious security issues in NSS including arbitrary code execution and remote denial service attacks. For Debian 7
    last seen2020-03-17
    modified2016-05-19
    plugin id91242
    published2016-05-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91242
    titleDebian DLA-480-1 : nss security update
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_44.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 44. It is, therefore, affected by the following vulnerabilities : - A cookie injection vulnerability exists due to illegal control characters being stored as cookie values in violation of RFC6265. A remote attacker can exploit this to inject cookies. (CVE-2015-7208) - Multiple unspecified memory corruption issues exist that allow a remote attacker to execute arbitrary code. (CVE-2016-1930, CVE-2016-1931) - An integer overflow condition exists due to improper parsing of GIF images during deinterlacing. A remote attacker can exploit this, via a specially crafted GIF image, to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-1933) - A buffer overflow condition exists in WebGL that is triggered when handling cache out-of-memory error conditions. A remote attacker can exploit this to execute arbitrary code. (CVE-2016-1935) - A content spoofing vulnerability exists due to the protocol handler dialog treating double click events as two single click events. A remote attacker can exploit this to spoof content, allowing the attacker to trick a user into performing malicious actions. (CVE-2016-1937) - A cryptographic weakness exists in Network Security Services (NSS) due to incorrect calculations with
    last seen2020-06-01
    modified2020-06-02
    plugin id88461
    published2016-01-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88461
    titleFirefox < 44 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0909-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90263
    published2016-04-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90263
    titleSUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0909-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160425_NSS_AND_NSPR_ON_SL5_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie- Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen2020-03-18
    modified2016-04-27
    plugin id90752
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90752
    titleScientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20160425)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2973-1.NASL
    descriptionChristian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Bock discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1978) A use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1979). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91258
    published2016-05-19
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91258
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2973-1)

Redhat

advisories
  • rhsa
    idRHSA-2016:0591
  • rhsa
    idRHSA-2016:0684
  • rhsa
    idRHSA-2016:0685
rpms
  • nspr-0:4.11.0-0.1.el6_7
  • nspr-debuginfo-0:4.11.0-0.1.el6_7
  • nspr-devel-0:4.11.0-0.1.el6_7
  • nss-0:3.21.0-0.3.el6_7
  • nss-debuginfo-0:3.21.0-0.3.el6_7
  • nss-devel-0:3.21.0-0.3.el6_7
  • nss-pkcs11-devel-0:3.21.0-0.3.el6_7
  • nss-sysinit-0:3.21.0-0.3.el6_7
  • nss-tools-0:3.21.0-0.3.el6_7
  • nss-util-0:3.21.0-0.3.el6_7
  • nss-util-debuginfo-0:3.21.0-0.3.el6_7
  • nss-util-devel-0:3.21.0-0.3.el6_7
  • nspr-0:4.11.0-1.el5_11
  • nspr-debuginfo-0:4.11.0-1.el5_11
  • nspr-devel-0:4.11.0-1.el5_11
  • nss-0:3.21.0-6.el5_11
  • nss-debuginfo-0:3.21.0-6.el5_11
  • nss-devel-0:3.21.0-6.el5_11
  • nss-pkcs11-devel-0:3.21.0-6.el5_11
  • nss-tools-0:3.21.0-6.el5_11
  • nspr-0:4.11.0-1.el7_2
  • nspr-debuginfo-0:4.11.0-1.el7_2
  • nspr-devel-0:4.11.0-1.el7_2
  • nss-0:3.21.0-9.el7_2
  • nss-debuginfo-0:3.21.0-9.el7_2
  • nss-devel-0:3.21.0-9.el7_2
  • nss-pkcs11-devel-0:3.21.0-9.el7_2
  • nss-softokn-0:3.16.2.3-14.2.el7_2
  • nss-softokn-debuginfo-0:3.16.2.3-14.2.el7_2
  • nss-softokn-devel-0:3.16.2.3-14.2.el7_2
  • nss-softokn-freebl-0:3.16.2.3-14.2.el7_2
  • nss-softokn-freebl-devel-0:3.16.2.3-14.2.el7_2
  • nss-sysinit-0:3.21.0-9.el7_2
  • nss-tools-0:3.21.0-9.el7_2
  • nss-util-0:3.21.0-2.2.el7_2
  • nss-util-debuginfo-0:3.21.0-2.2.el7_2
  • nss-util-devel-0:3.21.0-2.2.el7_2