CVE-2016-1938
Publication date 26 January 2016
Last updated 24 July 2024
Ubuntu priority
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| firefox | ||
| 16.04 LTS xenial |
Fixed 44.0+build3-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 44.0+build3-0ubuntu0.14.04.1
|
|
| nss | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Fixed 2:3.21-0ubuntu0.14.04.1
|
|
| thunderbird | ||
| 16.04 LTS xenial |
Fixed 1:38.8.0+build1-0ubuntu0.16.04.1
|
|
| 14.04 LTS trusty |
Fixed 1:38.8.0+build1-0ubuntu0.14.04.1
|
|
Patch details
| Package | Patch details |
|---|---|
| nss |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-2973-1
- Thunderbird vulnerabilities
- 19 May 2016
- USN-2880-1
- Firefox vulnerabilities
- 27 January 2016
- USN-2903-1
- NSS vulnerability
- 17 February 2016