ByteOS Network

▼CVE Numbering Authority (CNA)

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
https://bto.bluecoat.com/security-advisory/sa119	x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3688	vendor-advisory x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	vendor-advisory x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	vendor-advisory x_refsource_APPLE
http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	x_refsource_CONFIRM
https://support.apple.com/HT206167	x_refsource_CONFIRM
https://support.apple.com/HT206168	x_refsource_CONFIRM
http://www.securityfocus.com/bid/84223	vdb-entry x_refsource_BID
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html	vendor-advisory x_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	vendor-advisory x_refsource_APPLE
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html	vendor-advisory x_refsource_SUSE
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2917-1	vendor-advisory x_refsource_UBUNTU
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	vendor-advisory x_refsource_APPLE
http://www.debian.org/security/2016/dsa-3520	vendor-advisory x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html	vendor-advisory x_refsource_SUSE
http://www.debian.org/security/2016/dsa-3510	vendor-advisory x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	vendor-advisory x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2924-1	vendor-advisory x_refsource_UBUNTU
http://www.securitytracker.com/id/1035215	vdb-entry x_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html	vendor-advisory x_refsource_SUSE
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201605-06	vendor-advisory x_refsource_GENTOO
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	vendor-advisory x_refsource_APPLE
http://www.ubuntu.com/usn/USN-2934-1	vendor-advisory x_refsource_UBUNTU
https://support.apple.com/HT206169	x_refsource_CONFIRM
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-0495.html	vendor-advisory x_refsource_REDHAT
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes	x_refsource_CONFIRM
https://support.apple.com/HT206166	x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2917-2	vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2917-3	vendor-advisory x_refsource_UBUNTU

Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Resource:

x_refsource_CONFIRM

Hyperlink: https://bto.bluecoat.com/security-advisory/sa119

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.debian.org/security/2016/dsa-3688

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Resource:

vendor-advisory

x_refsource_APPLE

Hyperlink: http://www.mozilla.org/security/announce/2016/mfsa2016-35.html

Resource:

x_refsource_CONFIRM

Hyperlink: https://support.apple.com/HT206167

Resource:

x_refsource_CONFIRM

Hyperlink: https://support.apple.com/HT206168

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/84223

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

Resource:

vendor-advisory

x_refsource_APPLE

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.ubuntu.com/usn/USN-2917-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

Resource:

vendor-advisory

x_refsource_APPLE

Hyperlink: http://www.debian.org/security/2016/dsa-3520

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.debian.org/security/2016/dsa-3510

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.ubuntu.com/usn/USN-2924-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.securitytracker.com/id/1035215

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Resource:

x_refsource_CONFIRM

Hyperlink: https://security.gentoo.org/glsa/201605-06

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

Resource:

vendor-advisory

x_refsource_APPLE

Hyperlink: http://www.ubuntu.com/usn/USN-2934-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://support.apple.com/HT206169

Resource:

x_refsource_CONFIRM

Hyperlink: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

Resource:

x_refsource_CONFIRM

Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0495.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

Resource:

x_refsource_CONFIRM

Hyperlink: https://support.apple.com/HT206166

Resource:

x_refsource_CONFIRM

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1245528

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.ubuntu.com/usn/USN-2917-2

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://www.ubuntu.com/usn/USN-2917-3

Resource:

vendor-advisory

x_refsource_UBUNTU

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM x_transferred
https://bto.bluecoat.com/security-advisory/sa119	x_refsource_CONFIRM x_transferred
http://www.debian.org/security/2016/dsa-3688	vendor-advisory x_refsource_DEBIAN x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	vendor-advisory x_refsource_APPLE x_transferred
http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	x_refsource_CONFIRM x_transferred
https://support.apple.com/HT206167	x_refsource_CONFIRM x_transferred
https://support.apple.com/HT206168	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/84223	vdb-entry x_refsource_BID x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM x_transferred
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	vendor-advisory x_refsource_APPLE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM x_transferred
http://www.ubuntu.com/usn/USN-2917-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM x_transferred
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	vendor-advisory x_refsource_APPLE x_transferred
http://www.debian.org/security/2016/dsa-3520	vendor-advisory x_refsource_DEBIAN x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.debian.org/security/2016/dsa-3510	vendor-advisory x_refsource_DEBIAN x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.ubuntu.com/usn/USN-2924-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.securitytracker.com/id/1035215	vdb-entry x_refsource_SECTRACK x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	x_refsource_CONFIRM x_transferred
https://security.gentoo.org/glsa/201605-06	vendor-advisory x_refsource_GENTOO x_transferred
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	vendor-advisory x_refsource_APPLE x_transferred
http://www.ubuntu.com/usn/USN-2934-1	vendor-advisory x_refsource_UBUNTU x_transferred
https://support.apple.com/HT206169	x_refsource_CONFIRM x_transferred
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes	x_refsource_CONFIRM x_transferred
http://rhn.redhat.com/errata/RHSA-2016-0495.html	vendor-advisory x_refsource_REDHAT x_transferred
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes	x_refsource_CONFIRM x_transferred
https://support.apple.com/HT206166	x_refsource_CONFIRM x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	x_refsource_CONFIRM x_transferred
http://www.ubuntu.com/usn/USN-2917-2	vendor-advisory x_refsource_UBUNTU x_transferred
http://www.ubuntu.com/usn/USN-2917-3	vendor-advisory x_refsource_UBUNTU x_transferred