CVE-2016-2834
Summary
| CVE | CVE-2016-2834 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-06-13 10:59:00 UTC |
| Updated | 2023-09-12 14:55:00 UTC |
| Description | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Network Security Services | All | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 12.0 | sp1 | All | All |
| Application | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | All | All | All |
| Application | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | sp1 | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 12.0 | sp1 | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Leap | 42.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.1 | All | All | All |
| Operating System | Opensuse | Opensuse | 13.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1206283 – ASan: heap-buffer-overflow in sec_port_ucs2_utf8_conversion_function() | CONFIRM | bugzilla.mozilla.org | Issue Tracking |
| 1221620 – UBSan: left shift of negative value in DER_GetInteger_Util | CONFIRM | bugzilla.mozilla.org | Issue Tracking |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information and Let Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| 1241037 – sec_port_ucs2_utf8_conversion_function detects UTF-16 surrogates incorrectly | CONFIRM | bugzilla.mozilla.org | Issue Tracking |
| [security-announce] SUSE-SU-2016:1691-1: important: Security update for | SUSE | lists.opensuse.org | |
| 1241034 – Out-of-bounds write (buffer overflow) in sec_port_ucs2_utf8_conversion_function | CONFIRM | bugzilla.mozilla.org | Issue Tracking |
| [security-announce] openSUSE-SU-2016:1557-1: important: Security update | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-3688-1 nss | DEBIAN | www.debian.org | |
| USN-3029-1: NSS vulnerability | Ubuntu | UBUNTU | www.ubuntu.com | |
| USN-2993-1: Firefox vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| [security-announce] openSUSE-SU-2016:1552-1: important: Security update | SUSE | lists.opensuse.org | |
| NSS 3.23 release notes - Mozilla | MDN | CONFIRM | developer.mozilla.org | |
| Network Security Services (NSS) vulnerabilities — Mozilla | CONFIRM | www.mozilla.org | Vendor Advisory |
| Mozilla Network Security Services Multiple Unspecified Security Vulnerabilities | BID | www.securityfocus.com | |
| Oracle Critical Patch Update - July 2017 | CONFIRM | www.oracle.com | |
| Oracle Critical Patch Update - October 2017 | CONFIRM | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.