FreeBSD: VID-c4292768-5273-4f17-a267-c5fe35125ce4 (CVE-2016-1979): NSS -- multiple vulnerabilities

Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: Mar 8, 2016
Added: Dec 10, 2025
Modified: Dec 10, 2025

Description

Mozilla Foundation reports:

Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes.

Solutions

freebsd-upgrade-package-nss
freebsd-upgrade-package-linux-c6-nss
freebsd-upgrade-package-linux-firefox
freebsd-upgrade-package-linux-thunderbird
freebsd-upgrade-package-linux-seamonkey