CVE-2016-2834
high
CVSS v3
8.8
CVSS v2
9.3
VIR risk
8.8
Description
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-2834
Vendor advisory: security@mozilla.org — http://www.mozilla.org/security/announce/2016/mfsa2016-61.html
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-2834.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | sid | fixed | 47.0-1 |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | trixie | fixed | 0 |
| ubuntu | 12.04 | affected | |
| ubuntu | 14.04 | affected | |
| ubuntu | 15.10 | affected | |
| ubuntu | 16.04 | affected | |
| suse | 42.1 | affected | |
| suse | 13.1 | affected | |
| suse | 13.2 | affected | |
| suse | 12.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | network_security_services | {"endIncluding":"3.22"} | |
| mozilla | firefox | {"endIncluding":"46.0.1"} | |
| novell | suse_linux_enterprise_software_development_kit | 12.0 | |
References
- https://www.suse.com/security/cve/CVE-2016-2834.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
- http://rhn.redhat.com/errata/RHSA-2016-2779.html
- http://www.debian.org/security/2016/dsa-3688
- http://www.mozilla.org/security/announce/2016/mfsa2016-61.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/91072
- http://www.securitytracker.com/id/1036057
- http://www.ubuntu.com/usn/USN-2993-1
- http://www.ubuntu.com/usn/USN-3029-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1206283
- https://bugzilla.mozilla.org/show_bug.cgi?id=1221620
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241034
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241037
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes
- https://security-tracker.debian.org/tracker/CVE-2016-2834
Verify integrity in audit chain (admin only). AS-IS.