Vulnerabilities > CVE-2016-1979 - Unspecified vulnerability in Mozilla Firefox

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
mozilla
nessus

Summary

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.

Vulnerable Configurations

Part Description Count
Application
Mozilla
519

Nessus

  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL20145801.NASL
    descriptionUse-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. (CVE-2016-1979)
    last seen2020-03-17
    modified2016-09-02
    plugin id93257
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93257
    titleF5 Networks BIG-IP : Mozilla NSS vulnerability (K20145801)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K20145801.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93257);
      script_version("2.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");
    
      script_cve_id("CVE-2016-1979");
    
      script_name(english:"F5 Networks BIG-IP : Mozilla NSS vulnerability (K20145801)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Use-after-free vulnerability in the
    PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network
    Security Services (NSS) before 3.21.1, as used in Mozilla Firefox
    before 45.0, allows remote attackers to cause a denial of service or
    possibly have unspecified other impact via crafted key data with DER
    encoding. (CVE-2016-1979)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K20145801"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K20145801."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "K20145801";
    vmatrix = make_array();
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.3.0-11.5.5");
    vmatrix["AFM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.6");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.4.0-11.5.5");
    vmatrix["AM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.6");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.0.0-11.5.5","10.1.0-10.2.4");
    vmatrix["APM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.6");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.0.0-11.5.5","10.1.0-10.2.4");
    vmatrix["ASM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.6");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.0.0-11.5.5");
    vmatrix["AVR"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.6");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("11.6.0-11.6.1","11.0.0-11.5.5","10.1.0-10.2.4");
    vmatrix["GTM"]["unaffected"] = make_list("11.6.1HF1","11.5.6");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.0.0-11.5.5","10.1.0-10.2.4");
    vmatrix["LC"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.6");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.0.0-11.5.5","10.1.0-10.2.4");
    vmatrix["LTM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.6");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("12.0.0-12.1.1","11.6.0-11.6.1","11.3.0-11.5.5");
    vmatrix["PEM"]["unaffected"] = make_list("13.0.0","12.1.2","11.6.1HF1","11.5.6");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160425_NSS__NSPR__NSS_SOFTOKN__AND_NSS_UTIL_ON_SL7_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Bug Fix(es) : - The nss-softokn package has been updated to be compatible with NSS 3.21.
    last seen2020-03-18
    modified2016-04-27
    plugin id90751
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90751
    titleScientific Linux Security Update : nss, nspr, nss-softokn, and nss-util on SL7.x x86_64 (20160425)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90751);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2016-1978", "CVE-2016-1979");
    
      script_name(english:"Scientific Linux Security Update : nss, nspr, nss-softokn, and nss-util on SL7.x x86_64 (20160425)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following packages have been upgraded to a newer upstream version:
    nss (3.21.0), nss-util (3.21.0), nspr (4.11.0).
    
    Security Fix(es) :
    
      - A use-after-free flaw was found in the way NSS handled
        DHE (DiffieHellman key exchange) and ECDHE (Elliptic
        Curve Diffie-Hellman key exchange) handshake messages. A
        remote attacker could send a specially crafted handshake
        message that, when parsed by an application linked
        against NSS, would cause that application to crash or,
        under certain special conditions, execute arbitrary code
        using the permissions of the user running the
        application. (CVE-2016-1978)
    
      - A use-after-free flaw was found in the way NSS processed
        certain DER (Distinguished Encoding Rules) encoded
        cryptographic keys. An attacker could use this flaw to
        create a specially crafted DER encoded certificate
        which, when parsed by an application compiled against
        the NSS library, could cause that application to crash,
        or execute arbitrary code using the permissions of the
        user running the application. (CVE-2016-1979)
    
    Bug Fix(es) :
    
      - The nss-softokn package has been updated to be
        compatible with NSS 3.21."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=14559
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?81f22e3c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nspr-4.11.0-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nspr-debuginfo-4.11.0-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nspr-devel-4.11.0-1.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-debuginfo-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-devel-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-pkcs11-devel-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-debuginfo-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-devel-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-freebl-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-softokn-freebl-devel-3.16.2.3-14.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-sysinit-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-tools-3.21.0-9.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-3.21.0-2.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-debuginfo-3.21.0-2.2.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nss-util-devel-3.21.0-2.2.el7_2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nspr-debuginfo / nspr-devel / nss / nss-debuginfo / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0591.NASL
    descriptionFrom Red Hat Security Advisory 2016:0591 : An update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90383
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90383
    titleOracle Linux 6 : nspr / nss / nss-util (ELSA-2016-0591)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:0591 and 
    # Oracle Linux Security Advisory ELSA-2016-0591 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90383);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-1978", "CVE-2016-1979");
      script_xref(name:"RHSA", value:"2016:0591");
    
      script_name(english:"Oracle Linux 6 : nspr / nss / nss-util (ELSA-2016-0591)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:0591 :
    
    An update for nss, nss-util, and nspr is now available for Red Hat
    Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Network Security Services (NSS) is a set of libraries designed to
    support the cross-platform development of security-enabled client and
    server applications. The nss-util packages provide utilities for use
    with the Network Security Services (NSS) libraries. Netscape Portable
    Runtime (NSPR) provides platform independence for non-GUI operating
    system facilities.
    
    The following packages have been upgraded to a newer upstream version:
    nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874,
    BZ#1299861)
    
    Security Fix(es) :
    
    * A use-after-free flaw was found in the way NSS handled DHE
    (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman
    key exchange) handshake messages. A remote attacker could send a
    specially crafted handshake message that, when parsed by an
    application linked against NSS, would cause that application to crash
    or, under certain special conditions, execute arbitrary code using the
    permissions of the user running the application. (CVE-2016-1978)
    
    * A use-after-free flaw was found in the way NSS processed certain DER
    (Distinguished Encoding Rules) encoded cryptographic keys. An attacker
    could use this flaw to create a specially crafted DER encoded
    certificate which, when parsed by an application compiled against the
    NSS library, could cause that application to crash, or execute
    arbitrary code using the permissions of the user running the
    application. (CVE-2016-1979)
    
    Red Hat would like to thank the Mozilla Project for reporting these
    issues. Upstream acknowledges Eric Rescorla as the original reporter
    of CVE-2016-1978; and Tim Taubert as the original reporter of
    CVE-2016-1979."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-April/005940.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected nspr, nss and / or nss-util packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"nspr-4.11.0-0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nspr-devel-4.11.0-0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-devel-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-pkcs11-devel-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-sysinit-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-tools-3.21.0-0.3.0.1.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-util-3.21.0-0.3.el6_7")) flag++;
    if (rpm_check(release:"EL6", reference:"nss-util-devel-3.21.0-0.3.el6_7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nspr-devel / nss / nss-devel / nss-pkcs11-devel / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-702.NASL
    descriptionA use-after-free flaw was found in the way NSS handled DHE (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen2020-06-01
    modified2020-06-02
    plugin id91240
    published2016-05-19
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91240
    titleAmazon Linux AMI : nspr / nss-util,nss,nss-softokn (ALAS-2016-702)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-702.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91240);
      script_version("2.4");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-1978", "CVE-2016-1979");
      script_xref(name:"ALAS", value:"2016-702");
    
      script_name(english:"Amazon Linux AMI : nspr / nss-util,nss,nss-softokn (ALAS-2016-702)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A use-after-free flaw was found in the way NSS handled DHE
    (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman
    key exchange) handshake messages. A remote attacker could send a
    specially crafted handshake message that, when parsed by an
    application linked against NSS, would cause that application to crash
    or, under certain special conditions, execute arbitrary code using the
    permissions of the user running the application. (CVE-2016-1978)
    
    A use-after-free flaw was found in the way NSS processed certain DER
    (Distinguished Encoding Rules) encoded cryptographic keys. An attacker
    could use this flaw to create a specially crafted DER encoded
    certificate which, when parsed by an application compiled against the
    NSS library, could cause that application to crash, or execute
    arbitrary code using the permissions of the user running the
    application. (CVE-2016-1979)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-702.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update nspr' to update your system.
    
    Run 'yum update nss-util' to update your system.
    
    Run 'yum update nss' to update your system.
    
    Run 'yum update nss-softokn' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nspr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nspr-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nspr-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-softokn-freebl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-sysinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nss-util-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"nspr-4.11.0-1.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nspr-debuginfo-4.11.0-1.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nspr-devel-4.11.0-1.37.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-debuginfo-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-devel-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-pkcs11-devel-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-debuginfo-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-devel-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-freebl-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-softokn-freebl-devel-3.16.2.3-14.2.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-sysinit-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-tools-3.21.0-9.76.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-3.21.0-2.2.50.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-debuginfo-3.21.0-2.2.50.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nss-util-devel-3.21.0-2.2.50.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nspr / nspr-debuginfo / nspr-devel / nss / nss-debuginfo / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0591.NASL
    descriptionAn update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90367
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90367
    titleCentOS 6 : nspr / nss / nss-util (CESA-2016:0591)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FIREFOX_45.NASL
    descriptionThe version of Firefox installed on the remote Mac OS X host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id89873
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89873
    titleFirefox < 45 Multiple Vulnerabilities (Mac OS X)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0591.NASL
    descriptionAn update for nss, nss-util, and nspr is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90386
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90386
    titleRHEL 6 : nss, nss-util, and nspr (RHSA-2016:0591)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-334.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 (boo#969894) - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching - Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level - Tab Groups (Panorama) feature removed - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) - required for Firefox 45.0 - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
    last seen2020-06-05
    modified2016-03-14
    plugin id89915
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89915
    titleopenSUSE Security Update : Firefox (openSUSE-2016-334)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0684.NASL
    descriptionFrom Red Hat Security Advisory 2016:0684 : An update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90745
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90745
    titleOracle Linux 5 : nspr / nss (ELSA-2016-0684)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0684.NASL
    descriptionAn update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90748
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90748
    titleRHEL 5 : nss and nspr (RHSA-2016:0684)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0684.NASL
    descriptionAn update for nss and nspr is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.
    last seen2020-06-01
    modified2020-06-02
    plugin id90721
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90721
    titleCentOS 5 : nspr / nss (CESA-2016:0684)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0685.NASL
    descriptionAn update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen2020-06-01
    modified2020-06-02
    plugin id90722
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90722
    titleCentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2016:0685)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3688.NASL
    descriptionSeveral vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. - CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Security (TLS). - CVE-2015-7181 CVE-2015-7182 CVE-2016-1950 Tyson Smith, David Keeler, and Francis Gabriel discovered heap-based buffer overflows in the ASN.1 DER parser, potentially leading to arbitrary code execution. - CVE-2015-7575 Karthikeyan Bhargavan discovered that TLS client implementation accepted MD5-based signatures for TLS 1.2 connections with forward secrecy, weakening the intended security strength of TLS connections. - CVE-2016-1938 Hanno Boeck discovered that NSS miscomputed the result of integer division for certain inputs. This could weaken the cryptographic protections provided by NSS. However, NSS implements RSA-CRT leak hardening, so RSA private keys are not directly disclosed by this issue. - CVE-2016-1978 Eric Rescorla discovered a use-after-free vulnerability in the implementation of ECDH-based TLS handshakes, with unknown consequences. - CVE-2016-1979 Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER processing, with application-specific impact. - CVE-2016-2834 Tyson Smith and Jed Davis discovered unspecified memory-safety bugs in NSS. In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges. This update contains further correctness and stability fixes without immediate security impact.
    last seen2020-06-01
    modified2020-06-02
    plugin id93871
    published2016-10-06
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93871
    titleDebian DSA-3688-1 : nss - security update (Logjam) (SLOTH)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0727-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89929
    published2016-03-15
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89929
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0727-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0777-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894) - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 A memory leak in libstagefright when deleting an array during MP4 processing was fixed. - MFSA 2016-21/CVE-2016-1958 The displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 A use-after-free in HTML5 string parser was fixed. - MFSA 2016-24/CVE-2016-1961 A use-after-free in SetBody was fixed. - MFSA 2016-25/CVE-2016-1962 A use-after-free when using multiple WebRTC data channels was fixed. - MFSA 2016-27/CVE-2016-1964 A use-after-free during XML transformations was fixed. - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property was fixed. - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin was fixed. - MFSA 2016-34/CVE-2016-1974 A out-of-bounds read in the HTML parser following a failed allocation was fixed. - MFSA 2016-35/CVE-2016-1950 A buffer overflow during ASN.1 decoding in NSS was fixed. - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Various font vulnerabilities were fixed in the embedded Graphite 2 library Mozilla NSS was updated to fix : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Mozilla NSPR was updated to version 4.12 (bsc#969894) - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes - Enable atomic instructions on mips (bmo#1129878) - Fix mips assertion failure when creating thread with custom stack size (bmo#1129968) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id89990
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89990
    titleSUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0777-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0685.NASL
    descriptionFrom Red Hat Security Advisory 2016:0685 : An update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen2020-06-01
    modified2020-06-02
    plugin id90746
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90746
    titleOracle Linux 7 : nspr / nss / nss-softokn / nss-util (ELSA-2016-0685)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160405_NSS__NSS_UTIL__AND_NSPR_ON_SL6_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie- Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen2020-03-18
    modified2016-04-07
    plugin id90392
    published2016-04-07
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90392
    titleScientific Linux Security Update : nss, nss-util, and nspr on SL6.x i386/x86_64 (20160405)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_45.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 45. It is, therefore, affected by multiple vulnerabilities, the majority of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these issues by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user.
    last seen2020-06-01
    modified2020-06-02
    plugin id89875
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89875
    titleFirefox < 45 Multiple Vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1017.NASL
    descriptionAccording to the versions of the nss nspr nss-softokn nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application.(CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99780
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99780
    titleChecks the rpm output for the updated packages.
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0685.NASL
    descriptionAn update for nss, nspr, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ# 1299872) Security Fix(es) : * A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) * A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979. Bug Fix(es) : * The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)
    last seen2020-06-01
    modified2020-06-02
    plugin id90749
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90749
    titleRHEL 7 : nss, nspr, nss-softokn, and nss-util (RHSA-2016:0685)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0820-1.NASL
    descriptionMozilla Firefox was updated to 38.7.0 ESR, fixing the following security issues : MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports MFSA 2016-20/CVE-2016-1957: Memory leak in libstagefright when deleting an array during MP4 processing MFSA 2016-21/CVE-2016-1958: Displayed page address can be overridden MFSA 2016-23/CVE-2016-1960: Use-after-free in HTML5 string parser MFSA 2016-24/CVE-2016-1961: Use-after-free in SetBody MFSA 2016-25/CVE-2016-1962: Use-after-free when using multiple WebRTC data channels MFSA 2016-27/CVE-2016-1964: Use-after-free during XML transformations MFSA 2016-28/CVE-2016-1965: Addressbar spoofing though history navigation and Location protocol property MFSA 2016-31/CVE-2016-1966: Memory corruption with malicious NPAPI plugin MFSA 2016-34/CVE-2016-1974: Out-of-bounds read in HTML parser following a failed allocation MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802: Font vulnerabilities in the Graphite 2 library. Mozilla NSPR was updated to version 4.12, fixing following bugs : Added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. Fixed a memory allocation bug related to the PR_*printf functions Exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 Several minor correctness and compatibility fixes. Mozilla NSS was updated to fix security issues : MFSA 2016-15/CVE-2016-1978: Use-after-free in NSS during SSL connections in low memory MFSA 2016-35/CVE-2016-1950: Buffer overflow during ASN.1 decoding in NSS MFSA 2016-36/CVE-2016-1979: Use-after-free during processing of DER encoded keys in NSS. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90065
    published2016-03-21
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90065
    titleSUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201605-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201605-06 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Firefox, NSS, NSPR, and Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id91379
    published2016-05-31
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91379
    titleGLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C429276852734F17A267C5FE35125CE4.NASL
    descriptionMozilla Foundation reports : Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes.
    last seen2020-06-01
    modified2020-06-02
    plugin id89768
    published2016-03-09
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89768
    titleFreeBSD : NSS -- multiple vulnerabilities (c4292768-5273-4f17-a267-c5fe35125ce4)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3576.NASL
    descriptionMultiple security issues have been found in Icedove, Debian
    last seen2020-06-01
    modified2020-06-02
    plugin id91138
    published2016-05-16
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91138
    titleDebian DSA-3576-1 : icedove - security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-480.NASL
    descriptionThis security update fixes serious security issues in NSS including arbitrary code execution and remote denial service attacks. For Debian 7
    last seen2020-03-17
    modified2016-05-19
    plugin id91242
    published2016-05-19
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91242
    titleDebian DLA-480-1 : nss security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-472.NASL
    descriptionThe security update for icedove did not build on armhf. This is resolved by this upload. The text of the original DLA follows : Multiple security issues have been found in Icedove, Debian
    last seen2020-03-17
    modified2016-05-16
    plugin id91134
    published2016-05-16
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91134
    titleDebian DLA-472-2 : icedove regression update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0909-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing following security issues : - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards (rv:45.0 / rv:38.7) - MFSA 2016-17/CVE-2016-1954 Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-20/CVE-2016-1957 Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 Displayed page address can be overridden - MFSA 2016-23/CVE-2016-1960 Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961 Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 Use-after-free when using multiple WebRTC data channels - MFSA 2016-27/CVE-2016-1964 Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-31/CVE-2016-1966 Memory corruption with malicious NPAPI plugin - MFSA 2016-34/CVE-2016-1974 Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs : - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes Mozilla NSS was updated to fix security issues (bsc#969894) : - MFSA 2016-15/CVE-2016-1978 Use-after-free in NSS during SSL connections in low memory - MFSA 2016-35/CVE-2016-1950 Buffer overflow during ASN.1 decoding in NSS - MFSA 2016-36/CVE-2016-1979 Use-after-free during processing of DER encoded keys in NSS Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id90263
    published2016-04-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90263
    titleSUSE SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0909-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160425_NSS_AND_NSPR_ON_SL5_X.NASL
    descriptionThe following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. Security Fix(es) : - A use-after-free flaw was found in the way NSS handled DHE (Diffie- Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978) - A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)
    last seen2020-03-18
    modified2016-04-27
    plugin id90752
    published2016-04-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90752
    titleScientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20160425)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2973-1.NASL
    descriptionChristian Holler, Tyson Smith, and Phil Ringalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-2805, CVE-2016-2807) Hanno Bock discovered that calculations with mp_div and mp_exptmod in NSS produce incorrect results in some circumstances, resulting in cryptographic weaknesses. (CVE-2016-1938) A use-after-free was discovered in ssl3_HandleECDHServerKeyExchange in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1978) A use-after-free was discovered in PK11_ImportDERPrivateKeyInfoAndReturnKey in NSS. A remote attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-1979). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91258
    published2016-05-19
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91258
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : thunderbird vulnerabilities (USN-2973-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-332.NASL
    descriptionThis update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : MozillaFirefox was updated to Firefox 45.0 (boo#969894) - requires NSPR 4.12 / NSS 3.21.1 - Instant browser tab sharing through Hello - Synced Tabs button in button bar - Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching - Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level - Tab Groups (Panorama) feature removed - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards - MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports - MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages - MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers - MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing - MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden - MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager - MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser - MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody - MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels - MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader - MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations - MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property - MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore - MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression - MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin - MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection - MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC - MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) - MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 - added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. - fixed a memory allocation bug related to the PR_*printf functions - exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 - added support for FreeBSD aarch64 - several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) - required for Firefox 45.0 - MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) - MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1)
    last seen2020-06-05
    modified2016-03-14
    plugin id89913
    published2016-03-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89913
    titleopenSUSE Security Update : MozillaFirefox / mozilla-nspr / mozilla-nss (openSUSE-2016-332)

Redhat

advisories
  • bugzilla
    id1315565
    titleCVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentnspr is earlier than 0:4.11.0-0.1.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591001
          • commentnspr is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364002
        • AND
          • commentnspr-devel is earlier than 0:4.11.0-0.1.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591003
          • commentnspr-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364004
        • AND
          • commentnss-util-devel is earlier than 0:3.21.0-0.3.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591005
          • commentnss-util-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364016
        • AND
          • commentnss-util is earlier than 0:3.21.0-0.3.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591007
          • commentnss-util is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364018
        • AND
          • commentnss-pkcs11-devel is earlier than 0:3.21.0-0.3.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591009
          • commentnss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364006
        • AND
          • commentnss-tools is earlier than 0:3.21.0-0.3.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591011
          • commentnss-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364012
        • AND
          • commentnss is earlier than 0:3.21.0-0.3.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591013
          • commentnss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364010
        • AND
          • commentnss-sysinit is earlier than 0:3.21.0-0.3.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591015
          • commentnss-sysinit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364008
        • AND
          • commentnss-devel is earlier than 0:3.21.0-0.3.el6_7
            ovaloval:com.redhat.rhsa:tst:20160591017
          • commentnss-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364014
    rhsa
    idRHSA-2016:0591
    released2016-04-05
    severityModerate
    titleRHSA-2016:0591: nss, nss-util, and nspr security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id1315565
    titleCVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentnspr-devel is earlier than 0:4.11.0-1.el5_11
            ovaloval:com.redhat.rhsa:tst:20160684001
          • commentnspr-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925002
        • AND
          • commentnspr is earlier than 0:4.11.0-1.el5_11
            ovaloval:com.redhat.rhsa:tst:20160684003
          • commentnspr is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925004
        • AND
          • commentnss is earlier than 0:3.21.0-6.el5_11
            ovaloval:com.redhat.rhsa:tst:20160684005
          • commentnss is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925010
        • AND
          • commentnss-tools is earlier than 0:3.21.0-6.el5_11
            ovaloval:com.redhat.rhsa:tst:20160684007
          • commentnss-tools is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925012
        • AND
          • commentnss-devel is earlier than 0:3.21.0-6.el5_11
            ovaloval:com.redhat.rhsa:tst:20160684009
          • commentnss-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925006
        • AND
          • commentnss-pkcs11-devel is earlier than 0:3.21.0-6.el5_11
            ovaloval:com.redhat.rhsa:tst:20160684011
          • commentnss-pkcs11-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20150925008
    rhsa
    idRHSA-2016:0684
    released2016-04-25
    severityModerate
    titleRHSA-2016:0684: nss and nspr security, bug fix, and enhancement update (Moderate)
  • bugzilla
    id1315565
    titleCVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentnspr is earlier than 0:4.11.0-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685001
          • commentnspr is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364002
        • AND
          • commentnspr-devel is earlier than 0:4.11.0-1.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685003
          • commentnspr-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364004
        • AND
          • commentnss-util-devel is earlier than 0:3.21.0-2.2.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685005
          • commentnss-util-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364016
        • AND
          • commentnss-util is earlier than 0:3.21.0-2.2.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685007
          • commentnss-util is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364018
        • AND
          • commentnss-softokn-freebl-devel is earlier than 0:3.16.2.3-14.2.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685009
          • commentnss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364024
        • AND
          • commentnss-softokn-freebl is earlier than 0:3.16.2.3-14.2.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685011
          • commentnss-softokn-freebl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364020
        • AND
          • commentnss-softokn is earlier than 0:3.16.2.3-14.2.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685013
          • commentnss-softokn is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364022
        • AND
          • commentnss-softokn-devel is earlier than 0:3.16.2.3-14.2.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685015
          • commentnss-softokn-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364026
        • AND
          • commentnss is earlier than 0:3.21.0-9.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685017
          • commentnss is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364010
        • AND
          • commentnss-tools is earlier than 0:3.21.0-9.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685019
          • commentnss-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364012
        • AND
          • commentnss-sysinit is earlier than 0:3.21.0-9.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685021
          • commentnss-sysinit is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364008
        • AND
          • commentnss-devel is earlier than 0:3.21.0-9.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685023
          • commentnss-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364014
        • AND
          • commentnss-pkcs11-devel is earlier than 0:3.21.0-9.el7_2
            ovaloval:com.redhat.rhsa:tst:20160685025
          • commentnss-pkcs11-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20150364006
    rhsa
    idRHSA-2016:0685
    released2016-04-25
    severityModerate
    titleRHSA-2016:0685: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update (Moderate)
rpms
  • nspr-0:4.11.0-0.1.el6_7
  • nspr-debuginfo-0:4.11.0-0.1.el6_7
  • nspr-devel-0:4.11.0-0.1.el6_7
  • nss-0:3.21.0-0.3.el6_7
  • nss-debuginfo-0:3.21.0-0.3.el6_7
  • nss-devel-0:3.21.0-0.3.el6_7
  • nss-pkcs11-devel-0:3.21.0-0.3.el6_7
  • nss-sysinit-0:3.21.0-0.3.el6_7
  • nss-tools-0:3.21.0-0.3.el6_7
  • nss-util-0:3.21.0-0.3.el6_7
  • nss-util-debuginfo-0:3.21.0-0.3.el6_7
  • nss-util-devel-0:3.21.0-0.3.el6_7
  • nspr-0:4.11.0-1.el5_11
  • nspr-debuginfo-0:4.11.0-1.el5_11
  • nspr-devel-0:4.11.0-1.el5_11
  • nss-0:3.21.0-6.el5_11
  • nss-debuginfo-0:3.21.0-6.el5_11
  • nss-devel-0:3.21.0-6.el5_11
  • nss-pkcs11-devel-0:3.21.0-6.el5_11
  • nss-tools-0:3.21.0-6.el5_11
  • nspr-0:4.11.0-1.el7_2
  • nspr-debuginfo-0:4.11.0-1.el7_2
  • nspr-devel-0:4.11.0-1.el7_2
  • nss-0:3.21.0-9.el7_2
  • nss-debuginfo-0:3.21.0-9.el7_2
  • nss-devel-0:3.21.0-9.el7_2
  • nss-pkcs11-devel-0:3.21.0-9.el7_2
  • nss-softokn-0:3.16.2.3-14.2.el7_2
  • nss-softokn-debuginfo-0:3.16.2.3-14.2.el7_2
  • nss-softokn-devel-0:3.16.2.3-14.2.el7_2
  • nss-softokn-freebl-0:3.16.2.3-14.2.el7_2
  • nss-softokn-freebl-devel-0:3.16.2.3-14.2.el7_2
  • nss-sysinit-0:3.21.0-9.el7_2
  • nss-tools-0:3.21.0-9.el7_2
  • nss-util-0:3.21.0-2.2.el7_2
  • nss-util-debuginfo-0:3.21.0-2.2.el7_2
  • nss-util-devel-0:3.21.0-2.2.el7_2

References