Published: 31/01/2016 Updated: 30/10/2018

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, improperly divides numbers, which might make it easier for remote malicious users to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opensuse opensuse 13.1
opensuse leap 42.1
opensuse opensuse 13.2
mozilla nss
mozilla firefox

Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project CVE-2015-4000 David Adrian et al reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Se ...

USN-2880-1 introduced a regression in Firefox ...

USN-2903-1 introduced a regression in NSS ...

Several security issues were fixed in Thunderbird ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

NSS could be made to expose sensitive information ...

Mozilla Foundation Security Advisory 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS Announced January 26, 2016 Reporter Hanno Böck Impact High Products Firefox, Firefox ESR, NSS Fixed in ...

The s_mp_div function in lib/freebl/mpi/mpic in Mozilla Network Security Services (NSS) before 321, as used in Mozilla Firefox before 440, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function ...

CWE-310 https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c https://bugzilla.mozilla.org/show_bug.cgi?id=1194947 http://www.mozilla.org/security/announce/2016/mfsa2016-07.html https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/81955 https://security.gentoo.org/glsa/201605-06 http://www.ubuntu.com/usn/USN-2973-1 http://www.ubuntu.com/usn/USN-2903-1 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html http://www.ubuntu.com/usn/USN-2880-1 http://www.ubuntu.com/usn/USN-2903-2 http://www.ubuntu.com/usn/USN-2880-2 https://security.gentoo.org/glsa/201701-46 http://www.securitytracker.com/id/1034825 http://www.debian.org/security/2016/dsa-3688 https://nvd.nist.gov https://www.debian.org/security/./dsa-3688 https://usn.ubuntu.com/2880-2/

CVE-2016-1938

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect