Описание
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| iceweasel | fixed | 44.0-1 | package | |
| iceweasel | not-affected | jessie | package | |
| iceweasel | not-affected | wheezy | package | |
| iceweasel | not-affected | squeeze | package | |
| nss | fixed | 2:3.21-1 | package |
Примечания
Marked as fixed in 44.0-1 which would be the version fixing
the issue while using the bundled nss version. iceweasel for
unstable though used the system library.
https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
https://hg.mozilla.org/projects/nss/rev/608645309ab9
https://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 (not yet public)
EPSS
Связанные уязвимости
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss
EPSS