CVE-2016-1938

Priority
Description
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security
Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0,
improperly divides numbers, which might make it easier for remote attackers
to defeat cryptographic protection mechanisms by leveraging use of the (1)
mp_div or (2) mp_exptmod function.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (44.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [44.0+build3-0ubuntu0.12.04.1])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [44.0+build3-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (44.0+build3-0ubuntu1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.21)
Ubuntu 12.04 ESM (Precise Pangolin):released (2:3.21-0ubuntu0.12.04.1)
Ubuntu 14.04 ESM (Trusty Tahr):released (2:3.21-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:3.21-1ubuntu2)
Patches:
Upstream:http://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
Upstream:http://hg.mozilla.org/projects/nss/rev/608645309ab9
Upstream:http://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
Package
Priority: Low
Upstream:released (38.8.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1:38.8.0+build1-0ubuntu0.12.04.1])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1:38.8.0+build1-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1:38.8.0+build1-0ubuntu0.16.04.1)
More Information

Updated: 2020-03-18 22:43:42 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)