CVE-2016-1938

NameCVE-2016-1938
DescriptionThe s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-427-1, DLA-480-1, DSA-3688-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
iceweasel (PTS)wheezy, wheezy (security)38.8.0esr-1~deb7u1fixed
nss (PTS)wheezy2:3.14.5-1+deb7u5vulnerable
wheezy (security)2:3.26-1+debu7u5fixed
jessie (security), jessie2:3.26-1+debu8u3fixed
stretch (security), stretch2:3.26.2-1.1+deb9u1fixed
buster, sid2:3.34.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceweaselsource(unstable)44.0-1medium
iceweaselsourcejessie(not affected)
iceweaselsourcesqueeze(not affected)
iceweaselsourcewheezy(not affected)
nsssource(unstable)2:3.21-1medium
nsssourcejessie2:3.26-1+debu8u1mediumDSA-3688-1
nsssourcesqueeze3.12.8-1+squeeze14mediumDLA-427-1
nsssourcewheezy2:3.14.5-1+deb7u6mediumDLA-480-1

Notes

[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
Marked as fixed in 44.0-1 which would be the version fixing
the issue while using the bundled nss version. iceweasel for
unstable though used the system library.
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
https://hg.mozilla.org/projects/nss/rev/608645309ab9
https://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 (not yet public)

Search for package or bug name: Reporting problems