CVE-2016-1950
Published on: 03/13/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:04 PM UTC
Certain versions of iPhone OS from Apple contain the following vulnerability:
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
- CVE-2016-1950 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 8.8 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.8 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
APPLE-SA-2016-03-21-2 watchOS 2.2 | Mailing List | lists.apple.com text/html |
USN-2917-3: Firefox regressions \| Ubuntu | | www.ubuntu.com text/html |
APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002 | Mailing List | lists.apple.com text/html |
[security-announce] SUSE-SU-2016:0909-1: important: Security update for | | lists.opensuse.org text/html |
Debian -- Security Information -- DSA-3520-1 icedove | | www.debian.org Depreciated Link text/html |
APPLE-SA-2016-03-21-3 tvOS 9.2 | Mailing List | lists.apple.com text/html |
USN-2934-1: Thunderbird vulnerabilities \| Ubuntu | | www.ubuntu.com text/html |
USN-2917-1: Firefox vulnerabilities \| Ubuntu | | www.ubuntu.com text/html |
Debian -- Security Information -- DSA-3510-1 iceweasel | | www.debian.org Depreciated Link text/html |
Mozilla Products: Multiple vulnerabilities (GLSA 201605-06) — Gentoo security | | security.gentoo.org text/html |
Red Hat Customer Portal | | web.archive.org text/html Inactive Link Not Archived |
Oracle Critical Patch Update - October 2016 | Third Party Advisory | www.oracle.com text/html |
[security-announce] openSUSE-SU-2016:0733-1: important: Security update | | lists.opensuse.org text/html |
About the security content of watchOS 2.2 - Apple Support | Third Party Advisory | support.apple.com text/html |
About the security content of iOS 9.3 - Apple Support | Third Party Advisory | support.apple.com text/html |
[security-announce] SUSE-SU-2016:0820-1: important: Security update for | | lists.opensuse.org text/html |
[security-announce] openSUSE-SU-2016:1557-1: important: Security update | Third Party Advisory | lists.opensuse.org text/html |
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Spoof the Address Bar, Overwrite Files, and Deny Service - SecurityTracker | | www.securitytracker.com text/html |
Debian -- Security Information -- DSA-3688-1 nss | | www.debian.org Depreciated Link text/html |
Oracle VM Server for x86 Bulletin - July 2016 | Third Party Advisory | web.archive.org text/html Inactive Link Not Archived |
NSS 3.19.2.3 release notes - Mozilla \| MDN | Release Notes | developer.mozilla.org text/html |
[security-announce] openSUSE-SU-2016:0731-1: important: Security update | | lists.opensuse.org text/html |
[security-announce] SUSE-SU-2016:0777-1: important: Security update for | | lists.opensuse.org text/html |
Oracle Linux Bulletin - January 2016 | Third Party Advisory | www.oracle.com text/html |
APPLE-SA-2016-03-21-1 iOS 9.3 | Mailing List | lists.apple.com text/html |
Buffer overflow during ASN.1 decoding in NSS — Mozilla | Vendor Advisory | www.mozilla.org text/html |
USN-2917-2: Firefox regressions \| Ubuntu | | www.ubuntu.com text/html |
USN-2924-1: NSS vulnerability \| Ubuntu | | www.ubuntu.com text/html |
NSS 3.21.1 release notes - Mozilla \| MDN | Release Notes | developer.mozilla.org text/html |
About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support | Third Party Advisory | support.apple.com text/html |
Broadcom Support Portal | | bto.bluecoat.com text/html |
About the security content of tvOS 9.2 - Apple Support | Third Party Advisory | support.apple.com text/html |
Access Denied | Issue Tracking | bugzilla.mozilla.org text/html |
Oracle Critical Patch Update - July 2017 | | www.oracle.com text/html |
Oracle Critical Patch Update - October 2017 | | www.oracle.com text/html |
Mozilla Network Security Services CVE-2016-1950 Heap Buffer Overflow Vulnerability | | cve.report (archive) text/html |
[security-announce] SUSE-SU-2016:0727-1: important: Security update for | | lists.opensuse.org text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Apple | iPhone OS | All | All | All | All |
Operating System | Apple | Mac OS X | All | All | All | All |
Operating System | Apple | tvOS | All | All | All | All |
Operating System | Apple | watchOS | All | All | All | All |
Application | Mozilla | Firefox | All | All | All | All |
Application | Mozilla | Firefox ESR | 38.0 | All | All | All |
Application | Mozilla | Firefox ESR | 38.0.1 | All | All | All |
Application | Mozilla | Firefox ESR | 38.0.5 | All | All | All |
Application | Mozilla | Firefox ESR | 38.1.0 | All | All | All |
Application | Mozilla | Firefox ESR | 38.1.1 | All | All | All |
Application | Mozilla | Firefox ESR | 38.2.0 | All | All | All |
Application | Mozilla | Firefox ESR | 38.2.1 | All | All | All |
Application | Mozilla | Firefox ESR | 38.3.0 | All | All | All |
Application | Mozilla | Firefox ESR | 38.4.0 | All | All | All |
Application | Mozilla | Firefox ESR | 38.5.0 | All | All | All |
Application | Mozilla | Firefox ESR | 38.5.1 | All | All | All |
Application | Mozilla | Firefox ESR | 38.6.0 | All | All | All |
Application | Mozilla | Firefox ESR | 38.6.1 | All | All | All |
Application | Mozilla | Network Security Services | 3.19.2 | All | All | All |
Application | Mozilla | Network Security Services | 3.20 | All | All | All |
Application | Mozilla | Network Security Services | 3.20.1 | All | All | All |
Application | Mozilla | Network Security Services | 3.21 | All | All | All |
Operating System | openSUSE | openSUSE | 13.1 | All | All | All |
Application | Oracle | GlassFish Server | 2.1.1 | All | All | All |
Application | Oracle | iPlanet Web Proxy Server | 4.0 | All | All | All |
Application | Oracle | iPlanet Web Server | 7.0 | All | All | All |
Operating System | Oracle | Linux | 5.0 | All | All | All |
Operating System | Oracle | Linux | 6 | All | All | All |
Operating System | Oracle | Linux | 7 | All | All | All |
Operating System | Oracle | VM Server | 3.2 | All | All | All |
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE