ByteOS Network

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	security@mozilla.org	Mailing List
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	security@mozilla.org	Mailing List
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	security@mozilla.org	Mailing List
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	security@mozilla.org	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html	security@mozilla.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	security@mozilla.org	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0495.html	security@mozilla.org	N/A
http://www.debian.org/security/2016/dsa-3510	security@mozilla.org	N/A
http://www.debian.org/security/2016/dsa-3520	security@mozilla.org	N/A
http://www.debian.org/security/2016/dsa-3688	security@mozilla.org	N/A
http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	security@mozilla.org	Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	security@mozilla.org	N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	security@mozilla.org	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	security@mozilla.org	N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	security@mozilla.org	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	security@mozilla.org	Third Party Advisory
http://www.securityfocus.com/bid/84223	security@mozilla.org	N/A
http://www.securitytracker.com/id/1035215	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2917-1	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2917-2	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2917-3	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2924-1	security@mozilla.org	N/A
http://www.ubuntu.com/usn/USN-2934-1	security@mozilla.org	N/A
https://bto.bluecoat.com/security-advisory/sa119	security@mozilla.org	N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	security@mozilla.org	Issue Tracking
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes	security@mozilla.org	Release Notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes	security@mozilla.org	Release Notes
https://security.gentoo.org/glsa/201605-06	security@mozilla.org	N/A
https://support.apple.com/HT206166	security@mozilla.org	Third Party Advisory
https://support.apple.com/HT206167	security@mozilla.org	Third Party Advisory
https://support.apple.com/HT206168	security@mozilla.org	Third Party Advisory
https://support.apple.com/HT206169	security@mozilla.org	Third Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0495.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2016/dsa-3510	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2016/dsa-3520	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2016/dsa-3688	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.securityfocus.com/bid/84223	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1035215	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2917-1	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2917-2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2917-3	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2924-1	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.ubuntu.com/usn/USN-2934-1	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bto.bluecoat.com/security-advisory/sa119	af854a3a-2127-422b-91ae-364da2661108	N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes	af854a3a-2127-422b-91ae-364da2661108	Release Notes
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes	af854a3a-2127-422b-91ae-364da2661108	Release Notes
https://security.gentoo.org/glsa/201605-06	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.apple.com/HT206166	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/HT206167	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/HT206168	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/HT206169	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

Source: security@mozilla.org

Resource:

Mailing List

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

Source: security@mozilla.org

Resource:

Mailing List

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

Source: security@mozilla.org

Resource:

Mailing List

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Source: security@mozilla.org

Resource:

Mailing List

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-0495.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2016/dsa-3510

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2016/dsa-3520

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2016/dsa-3688

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.mozilla.org/security/announce/2016/mfsa2016-35.html

Source: security@mozilla.org

Resource:

Vendor Advisory

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: http://www.securityfocus.com/bid/84223

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.securitytracker.com/id/1035215

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-2917-1

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-2917-2

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-2917-3

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-2924-1

Source: security@mozilla.org

Resource: N/A

Hyperlink: http://www.ubuntu.com/usn/USN-2934-1

Source: security@mozilla.org

Resource: N/A

Hyperlink: https://bto.bluecoat.com/security-advisory/sa119

Source: security@mozilla.org

Resource: N/A

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1245528

Source: security@mozilla.org

Resource:

Issue Tracking

Hyperlink: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes

Source: security@mozilla.org

Resource:

Release Notes

Hyperlink: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes

Source: security@mozilla.org

Resource:

Release Notes

Hyperlink: https://security.gentoo.org/glsa/201605-06

Source: security@mozilla.org

Resource: N/A

Hyperlink: https://support.apple.com/HT206166

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/HT206167

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/HT206168

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/HT206169

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html