[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Arbitrary code execution vulnerability in Mozilla Firefox, Mozilla Thunderbird, Firefox ESR and Apple OS X via a crafted certificate - CVE-2016-1950 (Mac OS X)

ID: oval:org.secpod.oval:def:33507Date: (C)2016-03-17   (M)2024-01-29
Class: VULNERABILITYFamily: macos




The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.4 or Mozilla Firefox before 45.0, Firefox Thunderbird or Firefox ESR 38.x before 38.7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the Mozilla Network Security Services (NSS), which fails to handle crafted ASN.1 data in an X.509 certificate. Successful exploitation allows remote attackers to execute arbitrary code.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.14
Apple Mac OS X 10.13
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Product:
Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Reference:
CVE-2016-1950
CVE    1
CVE-2016-1950
CPE    16
cpe:/a:mozilla:firefox_esr
cpe:/a:mozilla:firefox_esr:38.0
cpe:/a:mozilla:firefox:44.0.2
cpe:/a:mozilla:firefox_esr:38.1.1
...

© SecPod Technologies