Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2016-1978

Published: 13/03/2016 Updated: 04/11/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Firefox

Vulnerability Summary

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) prior to 3.21, as used in Mozilla Firefox prior to 44.0, allows remote malicious users to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla network_security_services

Vendor Advisories

Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Debian Security Advisories: DSA-3688-1 nss -- security update
Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project CVE-2015-4000 David Adrian et al reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data encrypted with Transport Layer Se ...
Amazon Linux AMI: ALAS-2016-702
A use-after-free flaw was found in the way NSS handled DHE (DiffieHellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special ...
Mozilla: Use-after-free in NSS during SSL connections in low memory
Mozilla Foundation Security Advisory 2016-15 Use-after-free in NSS during SSL connections in low memory Announced January 26, 2016 Reporter Eric Rescorla Impact Moderate Products Firefox, Firefox ESR, NSS Fixed in ...

References

NVD-CWE-Otherhttps://bugzilla.mozilla.org/show_bug.cgi?id=1209546http://www.mozilla.org/security/announce/2016/mfsa2016-15.htmlhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_noteshttps://bto.bluecoat.com/security-advisory/sa124http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.securityfocus.com/bid/91787http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0591.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.securityfocus.com/bid/84275http://rhn.redhat.com/errata/RHSA-2016-0685.htmlhttps://security.gentoo.org/glsa/201605-06http://rhn.redhat.com/errata/RHSA-2016-0684.htmlhttp://www.ubuntu.com/usn/USN-2973-1http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.htmlhttp://www.securitytracker.com/id/1035258http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.htmlhttp://www.debian.org/security/2016/dsa-3688https://usn.ubuntu.com/2973-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook