firefox: use-after-free

Package(s):

firefox

CVE #(s):

CVE-2016-1979

Created:

March 10, 2016

Updated:

May 19, 2016

Description:

From the Mageia advisory:

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes.

Alerts:

Debian	DSA-3688-1	nss	2016-10-05
Gentoo	201605-06	nss	2016-05-31
Ubuntu	USN-2973-1	thunderbird	2016-05-19
Debian-LTS	DLA-480-1	nss	2016-05-18
Debian-LTS	DLA-472-2	icedove	2016-05-18
Debian-LTS	DLA-472-1	icedove	2016-05-14
Debian	DSA-3576-1	icedove	2016-05-13
Scientific Linux	SLSA-2016:0685-1	nss, nspr, nss-softokn, nss-util	2016-04-25
Oracle	ELSA-2016-0685	nss, nspr, nss-softokn, and nss-util	2016-04-25
Oracle	ELSA-2016-0684	nss and nspr	2016-04-25
CentOS	CESA-2016:0685	nss-util	2016-04-25
CentOS	CESA-2016:0685	nss-softokn	2016-04-25
CentOS	CESA-2016:0685	nss	2016-04-25
CentOS	CESA-2016:0685	nspr	2016-04-25
CentOS	CESA-2016:0684	nss	2016-04-25
CentOS	CESA-2016:0684	nspr	2016-04-25
Scientific Linux	SLSA-2016:0684-1	nss, nspr	2016-04-25
Red Hat	RHSA-2016:0685-01	nss, nspr, nss-softokn, nss-util	2016-04-25
Red Hat	RHSA-2016:0684-01	nss, nspr	2016-04-25
Scientific Linux	SLSA-2016:0591-1	nss, nss-util, nspr	2016-04-05
CentOS	CESA-2016:0591	nss-util	2016-04-05
CentOS	CESA-2016:0591	nss	2016-04-05
CentOS	CESA-2016:0591	nspr	2016-04-05
Red Hat	RHSA-2016:0591-01	nss, nss-util, nspr	2016-04-05
SUSE	SUSE-SU-2016:0909-1	firefox, nspr, nss	2016-03-30
SUSE	SUSE-SU-2016:0820-1	firefox	2016-03-18
SUSE	SUSE-SU-2016:0777-1	firefox nspr nss	2016-03-15
SUSE	SUSE-SU-2016:0727-1	firefox, nspr, nss	2016-03-11
openSUSE	openSUSE-SU-2016:0731-1	firefox nss nspr	2016-03-12
openSUSE	openSUSE-SU-2016:0733-1	Firefox	2016-03-12
Slackware	SSA:2016-069-02	mozilla-nss	2016-03-09
Mageia	MGASA-2016-0105	firefox	2016-03-09