Vulnerability Description
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Opensuse | Leap | 42.1 |
| Opensuse | Opensuse | 13.1 |
| Mozilla | Network Security Services | <= 3.22 |
| Mozilla | Firefox | <= 46.0.1 |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 |
| Novell | Suse Linux Enterprise Desktop | 12.0 |
| Novell | Suse Linux Enterprise Server | 12.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html
- http://rhn.redhat.com/errata/RHSA-2016-2779.html
- http://www.debian.org/security/2016/dsa-3688
- http://www.mozilla.org/security/announce/2016/mfsa2016-61.htmlVendor Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/91072
- http://www.securitytracker.com/id/1036057
- http://www.ubuntu.com/usn/USN-2993-1
- http://www.ubuntu.com/usn/USN-3029-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1206283Issue Tracking
- https://bugzilla.mozilla.org/show_bug.cgi?id=1221620Issue Tracking
- https://bugzilla.mozilla.org/show_bug.cgi?id=1241034Issue Tracking
FAQ
What is CVE-2016-2834?
CVE-2016-2834 is a vulnerability with a CVSS score of 8.8 (HIGH). Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly ...
How severe is CVE-2016-2834?
CVE-2016-2834 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2834?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Opensuse Leap, Opensuse Opensuse, Mozilla Network Security Services, Mozilla Firefox.