Back to bug 1310509
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Huzaifa S. Sidhpurwala | 2016-02-22 04:57:48 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-02-22 04:57:48 UTC | Doc Type | --- | Bug Fix |
| Huzaifa S. Sidhpurwala | 2016-02-22 05:00:18 UTC | Whiteboard | impact=critical,public=no,reported=20160222,source=mozilla,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss-util=affected,rhel-7/nss-util=affected,fedora-all/nss-util=affected | impact=critical,public=20160308,reported=20160222,source=mozilla,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss-util=affected,rhel-7/nss-util=affected,fedora-all/nss-util=affected |
| Huzaifa S. Sidhpurwala | 2016-02-22 05:09:17 UTC | Depends On | 1310512 | |
| Huzaifa S. Sidhpurwala | 2016-02-22 05:09:26 UTC | Depends On | 1310513 | |
| Huzaifa S. Sidhpurwala | 2016-02-22 05:09:35 UTC | Depends On | 1310514 | |
| Huzaifa S. Sidhpurwala | 2016-02-22 05:09:44 UTC | Depends On | 1310515 | |
| Huzaifa S. Sidhpurwala | 2016-02-22 05:09:52 UTC | Depends On | 1310516 | |
| Huzaifa S. Sidhpurwala | 2016-02-22 05:39:14 UTC | Blocks | 1310521 | |
| Huzaifa S. Sidhpurwala | 2016-02-22 09:47:27 UTC | CC | kengert | |
| Huzaifa S. Sidhpurwala | 2016-02-22 09:48:56 UTC | CC | hkario | |
| Huzaifa S. Sidhpurwala | 2016-02-22 09:49:04 UTC | CC | emaldona | |
| Huzaifa S. Sidhpurwala | 2016-02-22 09:49:22 UTC | CC | rrelyea | |
| Kai Engert (:kaie) (inactive account) | 2016-02-22 16:12:12 UTC | Link ID | Mozilla Foundation 1245528 | |
| Huzaifa S. Sidhpurwala | 2016-03-02 06:28:06 UTC | Doc Text | A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially-crafted certificate which when parsed by NSS, could cause it to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library. | |
| Summer Long | 2016-03-04 01:20:25 UTC | CC | huzaifas, slong | |
| Doc Text | A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially-crafted certificate which when parsed by NSS, could cause it to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library. | A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially-crafted certificate which, when parsed by NSS, could cause it to crash. An attacker could also use the flaw to execute arbitrary code using the permissions of the user running an application compiled against the NSS library. | ||
| Flags | needinfo?(huzaifas) | |||
| Summer Long | 2016-03-04 06:22:44 UTC | Doc Text | A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially-crafted certificate which, when parsed by NSS, could cause it to crash. An attacker could also use the flaw to execute arbitrary code using the permissions of the user running an application compiled against the NSS library. | A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially-crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. |
| Huzaifa S. Sidhpurwala | 2016-03-04 06:25:01 UTC | Flags | needinfo?(huzaifas) | |
| Huzaifa S. Sidhpurwala | 2016-03-07 03:50:00 UTC | Summary | EMBARGOED CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing | EMBARGOED CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-36) |
| Martin Prpič | 2016-03-07 08:55:52 UTC | Doc Text | A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially-crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. | A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. |
| Huzaifa S. Sidhpurwala | 2016-03-09 03:22:07 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-36) | CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35) | ||
| Huzaifa S. Sidhpurwala | 2016-03-09 08:43:03 UTC | Depends On | 1316002 | |
| Huzaifa S. Sidhpurwala | 2016-03-14 09:36:09 UTC | CC | ajanorka | |
| Whiteboard | impact=critical,public=20160308,reported=20160222,source=mozilla,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss-util=affected,rhel-7/nss-util=affected,fedora-all/nss-util=affected | impact=critical,public=20160308,reported=20160222,source=mozilla,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss-util=affected,rhel-7/nss-util=affected,fedora-all/nss-util=affected,rhel-6.2.z/nss-util=affected,rhel-6.4.z/nss-util=affected,rhel-6.5.z/nss-util=affected,rhel-6.6.z/nss-util=affected,rhel-7.1.z/nss-util=affected | ||
| Huzaifa S. Sidhpurwala | 2016-03-14 09:36:43 UTC | Depends On | 1317443 | |
| Huzaifa S. Sidhpurwala | 2016-03-14 09:36:48 UTC | Depends On | 1317444 | |
| Huzaifa S. Sidhpurwala | 2016-03-14 09:36:55 UTC | Depends On | 1317445 | |
| Huzaifa S. Sidhpurwala | 2016-03-14 09:36:59 UTC | Depends On | 1317446 | |
| Huzaifa S. Sidhpurwala | 2016-03-14 09:37:06 UTC | Depends On | 1317448 | |
| Stanislav Zidek | 2016-03-14 10:16:15 UTC | CC | szidek | |
| Slawomir Czarko | 2016-03-14 12:58:00 UTC | CC | slawomir | |
| Huzaifa S. Sidhpurwala | 2016-03-29 03:41:57 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-03-28 23:41:57 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=critical,public=20160308,reported=20160222,source=mozilla,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss-util=affected,rhel-7/nss-util=affected,fedora-all/nss-util=affected,rhel-6.2.z/nss-util=affected,rhel-6.4.z/nss-util=affected,rhel-6.5.z/nss-util=affected,rhel-6.6.z/nss-util=affected,rhel-7.1.z/nss-util=affected |
Back to bug 1310509