PublicDateAtUSN: 2016-06-08 Candidate: CVE-2016-2834 PublicDate: 2016-06-13 10:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834 https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/ https://ubuntu.com/security/notices/USN-2993-1 https://ubuntu.com/security/notices/USN-3029-1 Description: Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Ubuntu-Description: Notes: Bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1221620 (private) https://bugzilla.mozilla.org/show_bug.cgi?id=1206283 (private) https://bugzilla.mozilla.org/show_bug.cgi?id=1241034 (private) https://bugzilla.mozilla.org/show_bug.cgi?id=1241037 (private) Priority: medium Discovered-by: Tyson Smith and Jed Davis Assigned-to: chrisccoulson CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH] Patches_firefox: upstream_firefox: released (47.0) precise_firefox: released (47.0+build3-0ubuntu0.12.04.1) precise/esm_firefox: DNE (precise was released [47.0+build3-0ubuntu0.12.04.1]) trusty_firefox: released (47.0+build3-0ubuntu0.14.04.1) trusty/esm_firefox: DNE (trusty was released [47.0+build3-0ubuntu0.14.04.1]) vivid/ubuntu-core_firefox: DNE vivid/stable-phone-overlay_firefox: DNE wily_firefox: released (47.0+build3-0ubuntu0.15.10.1) xenial_firefox: released (47.0+build3-0ubuntu0.16.04.1) esm-infra/xenial_firefox: released (47.0+build3-0ubuntu0.16.04.1) yakkety_firefox: released (47.0+build3-0ubuntu1) zesty_firefox: released (47.0+build3-0ubuntu1) artful_firefox: released (47.0+build3-0ubuntu1) devel_firefox: released (47.0+build3-0ubuntu1) Patches_thunderbird: Priority_thunderbird: low upstream_thunderbird: needed precise_thunderbird: ignored (reached end-of-life) precise/esm_thunderbird: DNE (precise was needed) trusty_thunderbird: released (1:52.4.0+build1-0ubuntu0.14.04.2) trusty/esm_thunderbird: DNE (trusty was released [1:52.4.0+build1-0ubuntu0.14.04.2]) vivid/ubuntu-core_thunderbird: DNE vivid/stable-phone-overlay_thunderbird: DNE wily_thunderbird: ignored (reached end-of-life) xenial_thunderbird: released (1:52.4.0+build1-0ubuntu0.16.04.2) esm-infra/xenial_thunderbird: released (1:52.4.0+build1-0ubuntu0.16.04.2) yakkety_thunderbird: ignored (reached end-of-life) zesty_thunderbird: released (1:52.4.0+build1-0ubuntu0.17.04.2) artful_thunderbird: released (1:52.4.0+build1-0ubuntu2) devel_thunderbird: released (1:52.4.0+build1-0ubuntu2) Patches_nss: upstream: https://hg.mozilla.org/projects/nss/rev/8d78a5ae260a (1221620) upstream: https://hg.mozilla.org/projects/nss/rev/99beadb15243 (1221620, tests) upstream: https://hg.mozilla.org/projects/nss/rev/5cbc92f72be3 (1221620, windows fix) upstream: https://hg.mozilla.org/projects/nss/rev/1ba7cd83c672 (1206283) upstream: https://hg.mozilla.org/projects/nss/rev/5fde729fdbff (1241034) upstream: https://hg.mozilla.org/projects/nss/rev/329932eb1700 (1241037) upstream_nss: released (3.23) precise_nss: released (2:3.23-0ubuntu0.12.04.1) precise/esm_nss: released (2:3.23-0ubuntu0.12.04.1) trusty_nss: released (2:3.23-0ubuntu0.14.04.1) trusty/esm_nss: released (2:3.23-0ubuntu0.14.04.1) vivid/stable-phone-overlay_nss: ignored (reached end-of-life) vivid/ubuntu-core_nss: DNE wily_nss: released (2:3.23-0ubuntu0.15.10.1) xenial_nss: released (2:3.23-0ubuntu0.16.04.1) esm-infra/xenial_nss: released (2:3.23-0ubuntu0.16.04.1) yakkety_nss: not-affected (2:3.23-2) zesty_nss: not-affected (2:3.23-2) artful_nss: not-affected (2:3.23-2) devel_nss: not-affected (2:3.23-2)