1. Home
  2. Vulnerabilities
  3. CVE-2016-1938

CVE-2016-1938

CVSS v3.0 6.5 (Medium)
65% Progress
CVSS v2.0 6.4 (Medium)
64% Progress
EPSS 0.33 % (72th)
0.33% Progress
Affected Products 4
Advisories 11
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.

Weaknesses
CWE-310
Cryptographic Issues
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2016-01-31 18:59:05
(8 years ago)
Updated Date
2018-10-30 16:27:35
(5 years ago)

Affected Products

Mozilla

Opensuse

Configuration #1

AND
    CPE23 From Up To
OR  
  Opensuse Leap 42.1 cpe:2.3:o:opensuse:leap:42.1
OR  
  Running on/with
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1
OR  
  Running on/with
  Opensuse 13.2 cpe:2.3:o:opensuse:opensuse:13.2

Configuration #2

AND
    CPE23 From Up To
OR  
  Mozilla Nss 3.20.1 and prior versions cpe:2.3:a:mozilla:nss <= 3.20.1
OR  
  Running on/with
  Mozilla Firefox 43.0.4 and prior versions cpe:2.3:a:mozilla:firefox <= 43.0.4