Home

CVE-2016-1950

Description

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.867

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox (45.0)Windows
Update for Mozilla Firefox x64 (45.0)Windows
Update for Mozilla Firefox (45.0.1)Windows
Update for Mozilla Firefox x64 (45.0.1)Windows
Update for Mozilla Firefox (45.0.2)Windows
Update for Mozilla Firefox x64 (45.0.2)Windows
Update for Mozilla Firefox ESR (38.7.0)Windows
Update for Mozilla Firefox ESR (45.1.0)Windows
Update for Mozilla Firefox ESR (45.1.1)Windows
Update for Mozilla Firefox ESR (45.2.0)Windows
Update for Mozilla Firefox ESR (45.3.0)Windows
Update for Mozilla Thunderbird (38.7.0)Windows
Update for Mozilla Thunderbird (38.7.1)Windows
Update for Mozilla Thunderbird (38.7.2)Windows
Update for Mozilla Thunderbird (45.0)Windows
Update for Mozilla Thunderbird (45.1.1)Windows
Update for Mozilla Thunderbird (45.2.0)Windows
Update for Mozilla Thunderbird (45.3.0)Windows
Update for Mozilla Firefox ESR (45.4.0)Windows
Update for Mozilla Thunderbird (45.4.0)Windows
Update for Mozilla Firefox ESR (45.5.0)Windows
Update for Mozilla Thunderbird (45.5.0)Windows
Update for Mozilla Firefox ESR (45.5.1)Windows
Update for Mozilla Thunderbird (45.5.1)Windows
Update for Mozilla Firefox ESR (45.6.0)Windows
Update for Mozilla Firefox ESR x64 (45.6.0)Windows
Update for Mozilla Thunderbird (45.6.0)Windows
Update for Mozilla Firefox ESR (45.7.0)Windows
Update for Mozilla Firefox ESR x64 (45.7.0)Windows
Update for Mozilla Thunderbird (45.7.0)Windows
Update for Mozilla Thunderbird (45.7.1)Windows
Update for Mozilla Thunderbird (45.8.0)Windows
Update for Mozilla Firefox ESR (45.8.0)Windows
Update for Mozilla Firefox ESR x64 (45.8.0)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (45.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (45.0.1)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (45.0.2)Mac
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 UpdateMac
Multiple vulnerabilities are fixed in OS X El Capitan 10.11.4 Combo UpdateMac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.1.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.1.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.0.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.0.5Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.0.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.0.5Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.2.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.2.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.1.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.2.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.1.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.2.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.3.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.3.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.4.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.4.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.5.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.5.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.6.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.5.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.5.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.6.0Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 38.6.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 38.6.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 44.0.2Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 38.7Mac
Mozilla Open Source web browser (USN-2917-1) firefox_45.0+build2-0ubuntu0.12.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2917-1) firefox_45.0+build2-0ubuntu0.12.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2917-1) firefox_45.0+build2-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2917-1) firefox_45.0+build2-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2917-1) firefox_45.0+build2-0ubuntu0.15.10.1_i386.debLinux
Mozilla Open Source web browser (USN-2917-1) firefox_45.0+build2-0ubuntu0.15.10.1_amd64.debLinux
Network Security Service library (USN-2924-1) libnss3_3.21-0ubuntu0.12.04.3_i386.debLinux
Network Security Service library (USN-2924-1) libnss3_3.21-0ubuntu0.12.04.3_amd64.debLinux
Network Security Service library (USN-2924-1) libnss3_3.21-0ubuntu0.14.04.2_i386.debLinux
Network Security Service library (USN-2924-1) libnss3_3.21-0ubuntu0.14.04.2_amd64.debLinux
Network Security Service library (USN-2924-1) libnss3_3.21-0ubuntu0.15.10.2_i386.debLinux
Network Security Service library (USN-2924-1) libnss3_3.21-0ubuntu0.15.10.2_amd64.debLinux
Mozilla Open Source web browser (USN-2917-3) firefox_45.0.2+build1-0ubuntu0.12.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2917-3) firefox_45.0.2+build1-0ubuntu0.12.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2917-3) firefox_45.0.2+build1-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source web browser (USN-2917-3) firefox_45.0.2+build1-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source web browser (USN-2917-3) firefox_45.0.2+build1-0ubuntu0.15.10.1_i386.debLinux
Mozilla Open Source web browser (USN-2917-3) firefox_45.0.2+build1-0ubuntu0.15.10.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-2934-1) thunderbird_38.7.2+build1-0ubuntu0.12.04.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-2934-1) thunderbird_38.7.2+build1-0ubuntu0.12.04.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-2934-1) thunderbird_38.7.2+build1-0ubuntu0.14.04.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-2934-1) thunderbird_38.7.2+build1-0ubuntu0.14.04.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-2934-1) thunderbird_38.7.2+build1-0ubuntu0.15.10.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-2934-1) thunderbird_38.7.2+build1-0ubuntu0.15.10.1_amd64.debLinux
Mozilla Open Source mail and newsgroup client (USN-2934-1) thunderbird_38.7.2+build1-0ubuntu0.16.04.1_i386.debLinux
Mozilla Open Source mail and newsgroup client (USN-2934-1) thunderbird_38.7.2+build1-0ubuntu0.16.04.1_amd64.debLinux
SUSE-SU-2017:1175-1(SUSE Linux Enterprise Server 11-SP4 ) mozilla-nspr-4.13.1-32.1.x86_64.rpmLinux
SUSE-SU-2017:1175-1(SUSE Linux Enterprise Server 11-SP4 ) mozilla-nspr-32bit-4.13.1-32.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) MozillaFirefox-45.9.0esr-105.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) MozillaFirefox-debuginfo-45.9.0esr-105.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) MozillaFirefox-debugsource-45.9.0esr-105.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) MozillaFirefox-translations-45.9.0esr-105.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) java-1_8_0-openjdk-1.8.0.121-23.4.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) java-1_8_0-openjdk-debuginfo-1.8.0.121-23.4.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) java-1_8_0-openjdk-debugsource-1.8.0.121-23.4.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Server 12-SP1 ) java-1_8_0-openjdk-demo-1.8.0.121-23.4.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Server 12-SP1 ) java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-23.4.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Server 12-SP1 ) java-1_8_0-openjdk-devel-1.8.0.121-23.4.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) java-1_8_0-openjdk-headless-1.8.0.121-23.4.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-23.4.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) libfreebl3-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) libfreebl3-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) libfreebl3-debuginfo-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) libfreebl3-debuginfo-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Server 12-SP1 ) libfreebl3-hmac-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Server 12-SP1 ) libfreebl3-hmac-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) libsoftokn3-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) libsoftokn3-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) libsoftokn3-debuginfo-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) libsoftokn3-debuginfo-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Server 12-SP1 ) libsoftokn3-hmac-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Server 12-SP1 ) libsoftokn3-hmac-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nspr-4.13.1-18.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nspr-32bit-4.13.1-18.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nspr-debuginfo-4.13.1-18.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nspr-debuginfo-32bit-4.13.1-18.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nspr-debugsource-4.13.1-18.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-certs-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-certs-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-certs-debuginfo-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-certs-debuginfo-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-debuginfo-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-debuginfo-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-debugsource-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-sysinit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-sysinit-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-sysinit-debuginfo-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-sysinit-debuginfo-32bit-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-tools-3.29.5-57.1.x86_64.rpmLinux
SUSE-SU-2017:1248-1(SUSE Linux Enterprise Desktop 12-SP1 ) mozilla-nss-tools-debuginfo-3.29.5-57.1.x86_64.rpmLinux
Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-1950)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-302201Update for Mozilla Firefox (45.0)
PATCH-302202Update for Mozilla Firefox x64 (45.0)
PATCH-302203Update for Mozilla Firefox (45.0.1)
PATCH-302204Update for Mozilla Firefox x64 (45.0.1)
PATCH-302205Update for Mozilla Firefox (45.0.2)
PATCH-302206Update for Mozilla Firefox x64 (45.0.2)
PATCH-302292Update for Mozilla Firefox ESR (38.7.0)
PATCH-302295Update for Mozilla Firefox ESR (45.1.0)
PATCH-302296Update for Mozilla Firefox ESR (45.1.1)
PATCH-302297Update for Mozilla Firefox ESR (45.2.0)
PATCH-302298Update for Mozilla Firefox ESR (45.3.0)
PATCH-303280Update for Mozilla Thunderbird (38.7.0)
PATCH-303329Update for Mozilla Thunderbird (38.7.1)
PATCH-303369Update for Mozilla Thunderbird (38.7.2)
PATCH-303370Update for Mozilla Thunderbird (45.0)
PATCH-303712Update for Mozilla Thunderbird (45.1.1)
PATCH-303848Update for Mozilla Thunderbird (45.2.0)
PATCH-304041Update for Mozilla Thunderbird (45.3.0)
PATCH-304115Update for Mozilla Firefox ESR (45.4.0)
PATCH-304145Update for Mozilla Thunderbird (45.4.0)
PATCH-304312Update for Mozilla Firefox ESR (45.5.0)
PATCH-304330Update for Mozilla Thunderbird (45.5.0)
PATCH-304377Update for Mozilla Firefox ESR (45.5.1)
PATCH-304378Update for Mozilla Thunderbird (45.5.1)
PATCH-304415Update for Mozilla Firefox ESR (45.6.0)
PATCH-304439Update for Mozilla Firefox ESR x64 (45.6.0)
PATCH-304473Update for Mozilla Thunderbird (45.6.0)
PATCH-304559Update for Mozilla Firefox ESR (45.7.0)
PATCH-304560Update for Mozilla Firefox ESR x64 (45.7.0)
PATCH-304587Update for Mozilla Thunderbird (45.7.0)
PATCH-304621Update for Mozilla Thunderbird (45.7.1)
PATCH-304728Update for Mozilla Thunderbird (45.8.0)
PATCH-304731Update for Mozilla Firefox ESR (45.8.0)
PATCH-304732Update for Mozilla Firefox ESR x64 (45.8.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-600753OS X El Capitan 10.11.6 Update
PATCH-600754OS X El Capitan 10.11.6 Combo Update
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234