CVE-2016-1938

NameCVE-2016-1938
DescriptionThe s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-427-1, DLA-480-1, DSA-3688-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
iceweasel (PTS)wheezy, wheezy (security)38.8.0esr-1~deb7u1fixed
jessie (security)38.8.0esr-1~deb8u1fixed
nss (PTS)wheezy2:3.14.5-1+deb7u5fixed
wheezy (security)2:3.26-1+debu7u5fixed
jessie2:3.26-1+debu8u2fixed
jessie (security)2:3.26-1+debu8u3fixed
stretch2:3.26.2-1.1fixed
stretch (security)2:3.26.2-1.1+deb9u1fixed
buster, sid2:3.33-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceweaselsource(unstable)44.0-1medium
iceweaselsourcejessie(not affected)
iceweaselsourcesqueeze(not affected)
iceweaselsourcewheezy(not affected)
nsssource(unstable)2:3.21-1medium
nsssourcejessie2:3.26-1+debu8u1mediumDSA-3688-1
nsssourcesqueeze3.12.8-1+squeeze14mediumDLA-427-1
nsssourcewheezy3.14.5-1+deb7u6mediumDLA-480-1

Notes

[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
Marked as fixed in 44.0-1 which would be the version fixing
the issue while using the bundled nss version. iceweasel for
unstable though used the system library.
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
https://hg.mozilla.org/projects/nss/rev/608645309ab9
https://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 (not yet public)

Search for package or bug name: Reporting problems