CVE-2016-1938 (retired)

Priority
Description
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security
Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0,
improperly divides numbers, which might make it easier for remote attackers
to defeat cryptographic protection mechanisms by leveraging use of the (1)
mp_div or (2) mp_exptmod function.
Assigned-to
chrisccoulson
Notes
Package
Upstream:released (44.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [44.0+build3-0ubuntu0.12.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (44.0+build3-0ubuntu1)
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.21)
Ubuntu 12.04 ESM (Precise Pangolin):released (2:3.21-0ubuntu0.12.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2:3.21-1ubuntu2)
Patches:
Upstream:http://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
Upstream:http://hg.mozilla.org/projects/nss/rev/608645309ab9
Upstream:http://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
Package
Priority: Low
Upstream:released (38.8.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1:38.8.0+build1-0ubuntu0.12.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (1:38.8.0+build1-0ubuntu0.16.04.1)
More Information

Updated: 2019-10-09 07:55:28 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)