var-201603-0244
Vulnerability from variot
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. The following products and versions are affected: Mozilla Firefox prior to 45.0, Firefox ESR prior to 38.7 38.x, Mozilla NSS prior to 3.19.2.3, 3.20.x, 3.21.1 prior to 3.21.x.
CVE-2015-4000
David Adrian et al. reported that it may be feasible to attack
Diffie-Hellman-based cipher suites in certain circumstances,
compromising the confidentiality and integrity of data encrypted
with Transport Layer Security (TLS).
CVE-2015-7181 CVE-2015-7182 CVE-2016-1950
Tyson Smith, David Keeler, and Francis Gabriel discovered
heap-based buffer overflows in the ASN.1 DER parser, potentially
leading to arbitrary code execution.
CVE-2015-7575
Karthikeyan Bhargavan discovered that TLS client implementation
accepted MD5-based signatures for TLS 1.2 connections with forward
secrecy, weakening the intended security strength of TLS
connections.
CVE-2016-1938
Hanno Boeck discovered that NSS miscomputed the result of integer
division for certain inputs. This could weaken the cryptographic
protections provided by NSS. However, NSS implements RSA-CRT leak
hardening, so RSA private keys are not directly disclosed by this
issue.
CVE-2016-1978
Eric Rescorla discovered a user-after-free vulnerability in the
implementation of ECDH-based TLS handshakes, with unknown
consequences.
CVE-2016-1979
Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER
processing, with application-specific impact.
CVE-2016-2834
Tyson Smith and Jed Davis discovered unspecified memory-safety
bugs in NSS.
In addition, the NSS library did not ignore environment variables in processes which underwent a SUID/SGID/AT_SECURE transition at process start. In certain system configurations, this allowed local users to escalate their privileges.
For the stable distribution (jessie), these problems have been fixed in version 2:3.26-1+debu8u1.
For the unstable distribution (sid), these problems have been fixed in version 2:3.23-1.
We recommend that you upgrade your nss packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Debian Security Advisory DSA-3510-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 09, 2016 https://www.debian.org/security/faq
Package : iceweasel CVE ID : CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, address bar spoofing and overwriting local files. 5 client) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: nss-util security update Advisory ID: RHSA-2016:0495-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0495.html Issue date: 2016-03-23 CVE Names: CVE-2016-1950 =====================================================================
- Summary:
Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red Hat Enterprise Linux 6.6 and 7.1 Extended Update Support.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64 Red Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64
- Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module.
A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. (CVE-2016-1950)
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.
All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util libraries must be restarted, or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
- Package List:
Red Hat Enterprise Linux HPC Node EUS (v. 6.6):
Source: nss-util-3.19.1-3.el6_6.src.rpm
x86_64: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-3.19.1-3.el6_6.x86_64.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):
x86_64: nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.2):
Source: nss-util-3.13.1-10.el6_2.src.rpm
x86_64: nss-util-3.13.1-10.el6_2.i686.rpm nss-util-3.13.1-10.el6_2.x86_64.rpm nss-util-debuginfo-3.13.1-10.el6_2.i686.rpm nss-util-debuginfo-3.13.1-10.el6_2.x86_64.rpm nss-util-devel-3.13.1-10.el6_2.i686.rpm nss-util-devel-3.13.1-10.el6_2.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: nss-util-3.14.3-8.el6_4.src.rpm
x86_64: nss-util-3.14.3-8.el6_4.i686.rpm nss-util-3.14.3-8.el6_4.x86_64.rpm nss-util-debuginfo-3.14.3-8.el6_4.i686.rpm nss-util-debuginfo-3.14.3-8.el6_4.x86_64.rpm nss-util-devel-3.14.3-8.el6_4.i686.rpm nss-util-devel-3.14.3-8.el6_4.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.5):
Source: nss-util-3.16.1-4.el6_5.src.rpm
x86_64: nss-util-3.16.1-4.el6_5.i686.rpm nss-util-3.16.1-4.el6_5.x86_64.rpm nss-util-debuginfo-3.16.1-4.el6_5.i686.rpm nss-util-debuginfo-3.16.1-4.el6_5.x86_64.rpm nss-util-devel-3.16.1-4.el6_5.i686.rpm nss-util-devel-3.16.1-4.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.6):
Source: nss-util-3.19.1-3.el6_6.src.rpm
i386: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm
ppc64: nss-util-3.19.1-3.el6_6.ppc.rpm nss-util-3.19.1-3.el6_6.ppc64.rpm nss-util-debuginfo-3.19.1-3.el6_6.ppc.rpm nss-util-debuginfo-3.19.1-3.el6_6.ppc64.rpm nss-util-devel-3.19.1-3.el6_6.ppc.rpm nss-util-devel-3.19.1-3.el6_6.ppc64.rpm
s390x: nss-util-3.19.1-3.el6_6.s390.rpm nss-util-3.19.1-3.el6_6.s390x.rpm nss-util-debuginfo-3.19.1-3.el6_6.s390.rpm nss-util-debuginfo-3.19.1-3.el6_6.s390x.rpm nss-util-devel-3.19.1-3.el6_6.s390.rpm nss-util-devel-3.19.1-3.el6_6.s390x.rpm
x86_64: nss-util-3.19.1-3.el6_6.i686.rpm nss-util-3.19.1-3.el6_6.x86_64.rpm nss-util-debuginfo-3.19.1-3.el6_6.i686.rpm nss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm nss-util-devel-3.19.1-3.el6_6.i686.rpm nss-util-devel-3.19.1-3.el6_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode EUS (v. 7.1):
Source: nss-util-3.19.1-5.el7_1.src.rpm
x86_64: nss-util-3.19.1-5.el7_1.i686.rpm nss-util-3.19.1-5.el7_1.x86_64.rpm nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):
x86_64: nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm nss-util-devel-3.19.1-5.el7_1.i686.rpm nss-util-devel-3.19.1-5.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: nss-util-3.19.1-5.el7_1.src.rpm
ppc64: nss-util-3.19.1-5.el7_1.ppc.rpm nss-util-3.19.1-5.el7_1.ppc64.rpm nss-util-debuginfo-3.19.1-5.el7_1.ppc.rpm nss-util-debuginfo-3.19.1-5.el7_1.ppc64.rpm nss-util-devel-3.19.1-5.el7_1.ppc.rpm nss-util-devel-3.19.1-5.el7_1.ppc64.rpm
s390x: nss-util-3.19.1-5.el7_1.s390.rpm nss-util-3.19.1-5.el7_1.s390x.rpm nss-util-debuginfo-3.19.1-5.el7_1.s390.rpm nss-util-debuginfo-3.19.1-5.el7_1.s390x.rpm nss-util-devel-3.19.1-5.el7_1.s390.rpm nss-util-devel-3.19.1-5.el7_1.s390x.rpm
x86_64: nss-util-3.19.1-5.el7_1.i686.rpm nss-util-3.19.1-5.el7_1.x86_64.rpm nss-util-debuginfo-3.19.1-5.el7_1.i686.rpm nss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm nss-util-devel-3.19.1-5.el7_1.i686.rpm nss-util-devel-3.19.1-5.el7_1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.1):
Source: nss-util-3.19.1-5.ael7b_1.src.rpm
ppc64le: nss-util-3.19.1-5.ael7b_1.ppc64le.rpm nss-util-debuginfo-3.19.1-5.ael7b_1.ppc64le.rpm nss-util-devel-3.19.1-5.ael7b_1.ppc64le.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFW8mrxXlSAg2UNWIIRApd+AKC89tmaT/sw/qZV56m0D+wS0ksruwCgoZdA LWDm7Ow/XWG3HaU1ic1EWh4= =RGkL -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-2917-1 March 09, 2016
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it opened a malicious website. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1950)
Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jyl\xe4nki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1952, CVE-2016-1953)
Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954)
Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955)
Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956)
Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957)
Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)
Looben Yang discovered an out-of-bounds read in Service Worker Manager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1959)
A use-after-free was discovered in the HTML5 string parser. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1960)
A use-after-free was discovered in the SetBody function of HTMLDocument. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1961)
Dominique Haza\xebl-Massieux discovered a use-after-free when using multiple WebRTC data channels. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1962)
It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1963)
Nicolas Gr\xe9goire discovered a use-after-free during XML transformations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1964)
Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965)
A memory corruption issues was discovered in the NPAPI subsystem. If a user were tricked in to opening a specially crafted website with a malicious plugin installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1966)
Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967)
Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1968)
Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1973)
Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1974)
Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: firefox 45.0+build2-0ubuntu0.15.10.1
Ubuntu 14.04 LTS: firefox 45.0+build2-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: firefox 45.0+build2-0ubuntu0.12.04.1
After a standard system update you need to restart Firefox to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2917-1 CVE-2016-1950, CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958, CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1967, CVE-2016-1968, CVE-2016-1973, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
Package Information: https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.15.10.1 https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.12.04.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iplanet web proxy server",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "iplanet web server",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "7.0"
},
{
"model": "glassfish server",
"scope": "eq",
"trust": 1.8,
"vendor": "oracle",
"version": "2.1.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "3.20.1"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "3.20"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "3.21"
},
{
"model": "network security services",
"scope": "eq",
"trust": 1.6,
"vendor": "mozilla",
"version": "3.19.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.4.0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6"
},
{
"model": "vm server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.11.3"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.0.5"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.1.0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.2.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.2.0"
},
{
"model": "firefox",
"scope": "lte",
"trust": 1.0,
"vendor": "mozilla",
"version": "44.0.2"
},
{
"model": "iphone os",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.2.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.5.1"
},
{
"model": "tvos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "9.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.6.0"
},
{
"model": "watchos",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.6.1"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.3.0"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": "38.5.0"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(ipad 2 or later )"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(apple watch sport)"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.21.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "10.11 to 10.11.3"
},
{
"model": "vm server",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "tvos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "9.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(apple watch edition)"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "2.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(apple watch hermes)"
},
{
"model": "network security services",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.21.x"
},
{
"model": "firefox esr",
"scope": "eq",
"trust": 0.8,
"vendor": "mozilla",
"version": "38.7"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(iphone 4s or later )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(ipod touch first 5 after generation )"
},
{
"model": "linux",
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": "watchos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(apple watch)"
},
{
"model": "opensuse",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "9.3"
},
{
"model": "network security services",
"scope": "eq",
"trust": 0.8,
"vendor": "mozilla",
"version": "3.20.x"
},
{
"model": "tvos",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "(apple tv first 4 generation )"
},
{
"model": "firefox esr",
"scope": "lt",
"trust": 0.8,
"vendor": "mozilla",
"version": "38.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "44.0.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.11.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Debian",
"sources": [
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "136152"
}
],
"trust": 0.2
},
"cve": "CVE-2016-1950",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-1950",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-90769",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1950",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1950",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90769",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-1950",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "VULMON",
"id": "CVE-2016-1950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. The following products and versions are affected: Mozilla Firefox prior to 45.0, Firefox ESR prior to 38.7 38.x, Mozilla NSS prior to 3.19.2.3, 3.20.x, 3.21.1 prior to 3.21.x. \n\nCVE-2015-4000\n\n David Adrian et al. reported that it may be feasible to attack\n Diffie-Hellman-based cipher suites in certain circumstances,\n compromising the confidentiality and integrity of data encrypted\n with Transport Layer Security (TLS). \n\nCVE-2015-7181\nCVE-2015-7182\nCVE-2016-1950\n\n Tyson Smith, David Keeler, and Francis Gabriel discovered\n heap-based buffer overflows in the ASN.1 DER parser, potentially\n leading to arbitrary code execution. \n\nCVE-2015-7575\n\n Karthikeyan Bhargavan discovered that TLS client implementation\n accepted MD5-based signatures for TLS 1.2 connections with forward\n secrecy, weakening the intended security strength of TLS\n connections. \n\nCVE-2016-1938\n\n Hanno Boeck discovered that NSS miscomputed the result of integer\n division for certain inputs. This could weaken the cryptographic\n protections provided by NSS. However, NSS implements RSA-CRT leak\n hardening, so RSA private keys are not directly disclosed by this\n issue. \n\nCVE-2016-1978\n\n Eric Rescorla discovered a user-after-free vulnerability in the\n implementation of ECDH-based TLS handshakes, with unknown\n consequences. \n\nCVE-2016-1979\n\n Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER\n processing, with application-specific impact. \n\nCVE-2016-2834\n\n Tyson Smith and Jed Davis discovered unspecified memory-safety\n bugs in NSS. \n\nIn addition, the NSS library did not ignore environment variables in\nprocesses which underwent a SUID/SGID/AT_SECURE transition at process\nstart. In certain system configurations, this allowed local users to\nescalate their privileges. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 2:3.26-1+debu8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2:3.23-1. \n\nWe recommend that you upgrade your nss packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3510-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMarch 09, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : iceweasel\nCVE ID : CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 \n CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962\n CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974\n CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792\n CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796\n CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800\n CVE-2016-2801 CVE-2016-2802\n\nMultiple security issues have been found in Iceweasel, Debian\u0027s version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nbuffer overflows, use-after-frees and other implementation errors may\nlead to the execution of arbitrary code, denial of service, address bar\nspoofing and overwriting local files. 5 client) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: nss-util security update\nAdvisory ID: RHSA-2016:0495-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2016-0495.html\nIssue date: 2016-03-23\nCVE Names: CVE-2016-1950 \n=====================================================================\n\n1. Summary:\n\nUpdated nss-util packages that fix one security issue are now available for\nRed Hat Enterprise Linux 6.2, 6.4, and 6.5 Advanced Update Support, and Red\nHat Enterprise Linux 6.6 and 7.1 Extended Update Support. \n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.1) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1) - x86_64\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.1) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. The nss-util package provides a set of utilities for NSS and\nthe Softoken module. \n\nA heap-based buffer overflow flaw was found in the way NSS parsed certain\nASN.1 structures. (CVE-2016-1950)\n\nRed Hat would like to thank the Mozilla project for reporting this issue. \nUpstream acknowledges Francis Gabriel as the original reporter. \n\nAll nss-util users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. For the update to take\neffect, all applications linked to the nss and nss-util libraries must be\nrestarted, or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.6):\n\nSource:\nnss-util-3.19.1-3.el6_6.src.rpm\n\nx86_64:\nnss-util-3.19.1-3.el6_6.i686.rpm\nnss-util-3.19.1-3.el6_6.x86_64.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.i686.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.6):\n\nx86_64:\nnss-util-debuginfo-3.19.1-3.el6_6.i686.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm\nnss-util-devel-3.19.1-3.el6_6.i686.rpm\nnss-util-devel-3.19.1-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.2):\n\nSource:\nnss-util-3.13.1-10.el6_2.src.rpm\n\nx86_64:\nnss-util-3.13.1-10.el6_2.i686.rpm\nnss-util-3.13.1-10.el6_2.x86_64.rpm\nnss-util-debuginfo-3.13.1-10.el6_2.i686.rpm\nnss-util-debuginfo-3.13.1-10.el6_2.x86_64.rpm\nnss-util-devel-3.13.1-10.el6_2.i686.rpm\nnss-util-devel-3.13.1-10.el6_2.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\nnss-util-3.14.3-8.el6_4.src.rpm\n\nx86_64:\nnss-util-3.14.3-8.el6_4.i686.rpm\nnss-util-3.14.3-8.el6_4.x86_64.rpm\nnss-util-debuginfo-3.14.3-8.el6_4.i686.rpm\nnss-util-debuginfo-3.14.3-8.el6_4.x86_64.rpm\nnss-util-devel-3.14.3-8.el6_4.i686.rpm\nnss-util-devel-3.14.3-8.el6_4.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\nnss-util-3.16.1-4.el6_5.src.rpm\n\nx86_64:\nnss-util-3.16.1-4.el6_5.i686.rpm\nnss-util-3.16.1-4.el6_5.x86_64.rpm\nnss-util-debuginfo-3.16.1-4.el6_5.i686.rpm\nnss-util-debuginfo-3.16.1-4.el6_5.x86_64.rpm\nnss-util-devel-3.16.1-4.el6_5.i686.rpm\nnss-util-devel-3.16.1-4.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.6):\n\nSource:\nnss-util-3.19.1-3.el6_6.src.rpm\n\ni386:\nnss-util-3.19.1-3.el6_6.i686.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.i686.rpm\nnss-util-devel-3.19.1-3.el6_6.i686.rpm\n\nppc64:\nnss-util-3.19.1-3.el6_6.ppc.rpm\nnss-util-3.19.1-3.el6_6.ppc64.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.ppc.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.ppc64.rpm\nnss-util-devel-3.19.1-3.el6_6.ppc.rpm\nnss-util-devel-3.19.1-3.el6_6.ppc64.rpm\n\ns390x:\nnss-util-3.19.1-3.el6_6.s390.rpm\nnss-util-3.19.1-3.el6_6.s390x.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.s390.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.s390x.rpm\nnss-util-devel-3.19.1-3.el6_6.s390.rpm\nnss-util-devel-3.19.1-3.el6_6.s390x.rpm\n\nx86_64:\nnss-util-3.19.1-3.el6_6.i686.rpm\nnss-util-3.19.1-3.el6_6.x86_64.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.i686.rpm\nnss-util-debuginfo-3.19.1-3.el6_6.x86_64.rpm\nnss-util-devel-3.19.1-3.el6_6.i686.rpm\nnss-util-devel-3.19.1-3.el6_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.1):\n\nSource:\nnss-util-3.19.1-5.el7_1.src.rpm\n\nx86_64:\nnss-util-3.19.1-5.el7_1.i686.rpm\nnss-util-3.19.1-5.el7_1.x86_64.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.i686.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.1):\n\nx86_64:\nnss-util-debuginfo-3.19.1-5.el7_1.i686.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm\nnss-util-devel-3.19.1-5.el7_1.i686.rpm\nnss-util-devel-3.19.1-5.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nnss-util-3.19.1-5.el7_1.src.rpm\n\nppc64:\nnss-util-3.19.1-5.el7_1.ppc.rpm\nnss-util-3.19.1-5.el7_1.ppc64.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.ppc.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.ppc64.rpm\nnss-util-devel-3.19.1-5.el7_1.ppc.rpm\nnss-util-devel-3.19.1-5.el7_1.ppc64.rpm\n\ns390x:\nnss-util-3.19.1-5.el7_1.s390.rpm\nnss-util-3.19.1-5.el7_1.s390x.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.s390.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.s390x.rpm\nnss-util-devel-3.19.1-5.el7_1.s390.rpm\nnss-util-devel-3.19.1-5.el7_1.s390x.rpm\n\nx86_64:\nnss-util-3.19.1-5.el7_1.i686.rpm\nnss-util-3.19.1-5.el7_1.x86_64.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.i686.rpm\nnss-util-debuginfo-3.19.1-5.el7_1.x86_64.rpm\nnss-util-devel-3.19.1-5.el7_1.i686.rpm\nnss-util-devel-3.19.1-5.el7_1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.1):\n\nSource:\nnss-util-3.19.1-5.ael7b_1.src.rpm\n\nppc64le:\nnss-util-3.19.1-5.ael7b_1.ppc64le.rpm\nnss-util-debuginfo-3.19.1-5.ael7b_1.ppc64le.rpm\nnss-util-devel-3.19.1-5.ael7b_1.ppc64le.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFW8mrxXlSAg2UNWIIRApd+AKC89tmaT/sw/qZV56m0D+wS0ksruwCgoZdA\nLWDm7Ow/XWG3HaU1ic1EWh4=\n=RGkL\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-2917-1\nMarch 09, 2016\n\nfirefox vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nFirefox could be made to crash or run programs as your login if it\nopened a malicious website. \nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1950)\n\nBob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel\nHolbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto,\nTyson Smith, Andrea Marchesini, and Jukka Jyl\\xe4nki discovered multiple\nmemory safety issues in Firefox. If a user were tricked in to opening a\nspecially crafted website, an attacker could potentially exploit these to\ncause a denial of service via application crash, or execute arbitrary code\nwith the privileges of the user invoking Firefox. (CVE-2016-1952,\nCVE-2016-1953)\n\nNicolas Golubovic discovered that CSP violation reports can be used to\noverwrite local files. If a user were tricked in to opening a specially\ncrafted website with addon signing disabled and unpacked addons installed,\nan attacker could potentially exploit this to gain additional privileges. \n(CVE-2016-1954)\n\nMuneaki Nishimura discovered that CSP violation reports contained full\npaths for cross-origin iframe navigations. An attacker could potentially\nexploit this to steal confidential data. (CVE-2016-1955)\n\nUcha Gobejishvili discovered that performing certain WebGL operations\nresulted in memory resource exhaustion with some Intel GPUs, requiring\na reboot. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial\nof service. (CVE-2016-1956)\n\nJose Martinez and Romina Santillan discovered a memory leak in\nlibstagefright during MPEG4 video file processing in some circumstances. \nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\nmemory exhaustion. (CVE-2016-1957)\n\nAbdulrahman Alqabandi discovered that the addressbar could be blank or\nfilled with page defined content in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958)\n\nLooben Yang discovered an out-of-bounds read in Service Worker Manager. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1959)\n\nA use-after-free was discovered in the HTML5 string parser. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1960)\n\nA use-after-free was discovered in the SetBody function of HTMLDocument. \nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1961)\n\nDominique Haza\\xebl-Massieux discovered a use-after-free when using multiple\nWebRTC data channels. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to cause a\ndenial of service via application crash, or execute arbitrary code with\nthe privileges of the user invoking Firefox. (CVE-2016-1962)\n\nIt was discovered that Firefox crashes when local files are modified\nwhilst being read by the FileReader API. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthis to execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1963)\n\nNicolas Gr\\xe9goire discovered a use-after-free during XML transformations. \nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1964)\n\nTsubasa Iinuma discovered a mechanism to cause the addressbar to display\nan incorrect URL, using history navigations and the Location protocol\nproperty. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to conduct URL\nspoofing attacks. (CVE-2016-1965)\n\nA memory corruption issues was discovered in the NPAPI subsystem. If\na user were tricked in to opening a specially crafted website with a\nmalicious plugin installed, an attacker could potentially exploit this\nto cause a denial of service via application crash, or execute arbitrary\ncode with the privileges of the user invoking Firefox. (CVE-2016-1966)\n\nJordi Chancel discovered a same-origin-policy bypass when using\nperformance.getEntries and history navigation with session restore. If\na user were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to steal confidential data. (CVE-2016-1967)\n\nLuke Li discovered a buffer overflow during Brotli decompression in some\ncircumstances. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit this to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2016-1968)\n\nRonald Crane discovered a use-after-free in GetStaticInstance in WebRTC. \nIf a user were tricked in to opening a specially crafted website, an\nattacker could potentially exploit this to cause a denial of service via\napplication crash, or execute arbitrary code with the privileges of the\nuser invoking Firefox. (CVE-2016-1973)\n\nRonald Crane discovered an out-of-bounds read following a failed\nallocation in the HTML parser in some circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2016-1974)\n\nHolger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple\nmemory safety issues in the Graphite 2 library. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit these to cause a denial of service via application crash, or\nexecute arbitrary code with the privileges of the user invoking Firefox. \n(CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\nCVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797,\nCVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n firefox 45.0+build2-0ubuntu0.15.10.1\n\nUbuntu 14.04 LTS:\n firefox 45.0+build2-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n firefox 45.0+build2-0ubuntu0.12.04.1\n\nAfter a standard system update you need to restart Firefox to make\nall the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2917-1\n CVE-2016-1950, CVE-2016-1952, CVE-2016-1953, CVE-2016-1954,\n CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958,\n CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962,\n CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966,\n CVE-2016-1967, CVE-2016-1968, CVE-2016-1973, CVE-2016-1974,\n CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792,\n CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,\n CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,\n CVE-2016-2801, CVE-2016-2802\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.15.10.1\n https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.14.04.1\n https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.12.04.1\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "VULMON",
"id": "CVE-2016-1950"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "136826"
},
{
"db": "PACKETSTORM",
"id": "136152"
},
{
"db": "PACKETSTORM",
"id": "136133"
},
{
"db": "PACKETSTORM",
"id": "136394"
},
{
"db": "PACKETSTORM",
"id": "136146"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-90769",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1950",
"trust": 3.2
},
{
"db": "BID",
"id": "84223",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1035215",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU97668313",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001841",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "136146",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136826",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136152",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136133",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136394",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "136148",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136131",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136614",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "136723",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-90769",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1950",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139002",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "VULMON",
"id": "CVE-2016-1950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "136826"
},
{
"db": "PACKETSTORM",
"id": "136152"
},
{
"db": "PACKETSTORM",
"id": "136133"
},
{
"db": "PACKETSTORM",
"id": "136394"
},
{
"db": "PACKETSTORM",
"id": "136146"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"id": "VAR-201603-0244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:30:28.935000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2016-03-21-1 iOS 9.3",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html"
},
{
"title": "APPLE-SA-2016-03-21-2 watchOS 2.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html"
},
{
"title": "APPLE-SA-2016-03-21-3 tvOS 9.2",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html"
},
{
"title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"title": "HT206168",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206168"
},
{
"title": "HT206169",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206169"
},
{
"title": "HT206166",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206166"
},
{
"title": "HT206167",
"trust": 0.8,
"url": "https://support.apple.com/en-us/ht206167"
},
{
"title": "HT206166",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht206166"
},
{
"title": "HT206167",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht206167"
},
{
"title": "HT206168",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht206168"
},
{
"title": "HT206169",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/ht206169"
},
{
"title": "NSS 3.19.2.3 release notes",
"trust": 0.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.2.3_release_notes"
},
{
"title": "NSS 3.21.1 release notes",
"trust": 0.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.21.1_release_notes"
},
{
"title": "MFSA2016-35",
"trust": 0.8,
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
},
{
"title": "MFSA2016-35",
"trust": 0.8,
"url": "http://www.mozilla-japan.org/security/announce/2016/mfsa2016-35.html"
},
{
"title": "openSUSE-SU-2016:1557",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
},
{
"title": "Oracle Linux Bulletin - January 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"title": "Oracle VM Server for x86 Bulletin - July 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"title": "October 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
},
{
"title": "Mozilla Firefox and Firefox ESR Network Security Services Fixes for heap-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60496"
},
{
"title": "Ubuntu Security Notice: nss vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2924-1"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2016-35",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2016-35"
},
{
"title": "Amazon Linux AMI: ALAS-2016-667",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2016-667"
},
{
"title": "Symantec Security Advisories: SA119 : Multiple NSS Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=aa233e8a415ebda03f918eccc56fe1c2"
},
{
"title": "Debian Security Advisories: DSA-3688-1 nss -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=373dcfd6d281e203a1b020510989c2b1"
},
{
"title": "Apple: tvOS 9.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ce338ecd7a3c82e55bcf20e44e532eea"
},
{
"title": "Apple: watchOS 2.2",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=0cbe3084baf2e465ecd2cc68ad686a9a"
},
{
"title": "Forcepoint Security Advisories: CVE-2016-1950 buffer overflow in Mozilla Network Security Services vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=960fb313b99dbea82d5f90ccb71272e7"
},
{
"title": "Apple: iOS 9.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=3ae8bd7fcbbf51e9c7fe356687ecd0cf"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2934-1"
},
{
"title": "Apple: OS X El Capitan v10.11.4 and Security Update 2016-002",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=ef054ba76412200e34091eb91c38c281"
},
{
"title": "Debian Security Advisories: DSA-3520-1 icedove -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2b9aa701df5217296b51aa50339f0e39"
},
{
"title": "Ubuntu Security Notice: firefox regressions",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2917-2"
},
{
"title": "Ubuntu Security Notice: firefox regressions",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2917-3"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2917-1"
},
{
"title": "Debian Security Advisories: DSA-3510-1 iceweasel -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=064945326fd504723047042ea36d8018"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=8ad80411af3e936eb2998df70506cc71"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6839c4d3fd328571c675c335d58b5591"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "browser-vuln-db",
"trust": 0.1,
"url": "https://github.com/sleicasper/browser-vuln-db "
},
{
"title": "satellite-host-cve",
"trust": 0.1,
"url": "https://github.com/redhatsatellite/satellite-host-cve "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/84223"
},
{
"trust": 2.4,
"url": "http://www.debian.org/security/2016/dsa-3510"
},
{
"trust": 2.4,
"url": "http://www.debian.org/security/2016/dsa-3520"
},
{
"trust": 2.4,
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"trust": 1.9,
"url": "http://rhn.redhat.com/errata/rhsa-2016-0495.html"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2917-1"
},
{
"trust": 1.9,
"url": "http://www.ubuntu.com/usn/usn-2934-1"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html"
},
{
"trust": 1.8,
"url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
},
{
"trust": 1.8,
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"trust": 1.8,
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"trust": 1.8,
"url": "https://bto.bluecoat.com/security-advisory/sa119"
},
{
"trust": 1.8,
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"
},
{
"trust": 1.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.2.3_release_notes"
},
{
"trust": 1.8,
"url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.21.1_release_notes"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206166"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206167"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206168"
},
{
"trust": 1.8,
"url": "https://support.apple.com/ht206169"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201605-06"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1035215"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"
},
{
"trust": 1.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2917-2"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2917-3"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-2924-1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1950"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu97668313/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1950"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1950"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2791"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1957"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2795"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1974"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2794"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1977"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1961"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2793"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1954"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2790"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1964"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1960"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1952"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1966"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2802"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2799"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2800"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2801"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1962"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-1950"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2016-36"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2924-1/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49332"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2834"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1979"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7575"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.15.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2016-0371.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1955"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1953"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1956"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1968"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.15.10.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1959"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/45.0+build2-0ubuntu0.14.04.1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "VULMON",
"id": "CVE-2016-1950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "136826"
},
{
"db": "PACKETSTORM",
"id": "136152"
},
{
"db": "PACKETSTORM",
"id": "136133"
},
{
"db": "PACKETSTORM",
"id": "136394"
},
{
"db": "PACKETSTORM",
"id": "136146"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90769"
},
{
"db": "VULMON",
"id": "CVE-2016-1950"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"db": "PACKETSTORM",
"id": "139002"
},
{
"db": "PACKETSTORM",
"id": "136826"
},
{
"db": "PACKETSTORM",
"id": "136152"
},
{
"db": "PACKETSTORM",
"id": "136133"
},
{
"db": "PACKETSTORM",
"id": "136394"
},
{
"db": "PACKETSTORM",
"id": "136146"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-13T00:00:00",
"db": "VULHUB",
"id": "VHN-90769"
},
{
"date": "2016-03-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1950"
},
{
"date": "2016-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"date": "2016-10-06T20:59:47",
"db": "PACKETSTORM",
"id": "139002"
},
{
"date": "2016-04-28T00:01:48",
"db": "PACKETSTORM",
"id": "136826"
},
{
"date": "2016-03-10T14:57:09",
"db": "PACKETSTORM",
"id": "136152"
},
{
"date": "2016-03-09T15:26:06",
"db": "PACKETSTORM",
"id": "136133"
},
{
"date": "2016-03-23T23:16:10",
"db": "PACKETSTORM",
"id": "136394"
},
{
"date": "2016-03-09T17:08:32",
"db": "PACKETSTORM",
"id": "136146"
},
{
"date": "2016-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"date": "2016-03-13T18:59:00.193000",
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-27T00:00:00",
"db": "VULHUB",
"id": "VHN-90769"
},
{
"date": "2019-12-27T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1950"
},
{
"date": "2016-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001841"
},
{
"date": "2019-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-136"
},
{
"date": "2019-12-27T16:08:55.810000",
"db": "NVD",
"id": "CVE-2016-1950"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mozilla Firefox Used in Network Security Services Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001841"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-136"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.