Description The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
CVSS vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Exploitability: 3.9 | Impact: 2.5 Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Affected Packages6 packages ▶ Ubuntu nss < 2:3.21-0ubuntu0.14.04.1 Show 1 more packages
🔴 Vulnerability Details5 GHSA GHSA-xp2m-37gc-hr6h: The s_mp_div function in lib/freebl/mpi/mpi ↗ 2022-05-14 ▶ OSV thunderbird vulnerabilities ↗ 2016-05-19 ▶ OSV nss vulnerability ↗ 2016-02-17 ▶ OSV CVE-2016-1938: The s_mp_div function in lib/freebl/mpi/mpi ↗ 2016-01-31 ▶ CVEList CVE-2016-1938: The s_mp_div function in lib/freebl/mpi/mpi ↗ 2016-01-31 ▶
📋 Vendor Advisories6 Ubuntu Thunderbird vulnerabilities ↗ 2016-05-19 ▶ Ubuntu NSS regression ↗ 2016-02-23 ▶ Ubuntu NSS vulnerability ↗ 2016-02-17 ▶ Ubuntu Firefox vulnerabilities ↗ 2016-01-27 ▶ Red Hat NSS: Errors in mp_div and mp_exptmod cryptographic functions ↗ 2016-01-26 ▶ Show 1 more
💬 Community1 Bugzilla CVE-2016-1938 Mozilla NSS: Errors in mp_div and mp_exptmod cryptographic functions ↗ 2016-02-05 ▶