Back to bug 1315565
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Huzaifa S. Sidhpurwala | 2016-03-08 05:44:23 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-03-08 05:44:23 UTC | Doc Type | --- | Bug Fix |
| Huzaifa S. Sidhpurwala | 2016-03-08 05:44:37 UTC | Blocks | 1310521 | |
| Huzaifa S. Sidhpurwala | 2016-03-08 05:45:05 UTC | Whiteboard | impact=moderate,public=no,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected | impact=moderate,public=no,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected |
| Huzaifa S. Sidhpurwala | 2016-03-09 04:13:26 UTC | Summary | EMBARGOED CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory | CVE-2016-1978 nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15) |
| Whiteboard | impact=moderate,public=no,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected | impact=moderate,public=20160308,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected | ||
| Huzaifa S. Sidhpurwala | 2016-03-09 04:13:42 UTC | Group | security, qe_staff | |
| Huzaifa S. Sidhpurwala | 2016-03-09 08:43:25 UTC | Depends On | 1316003 | |
| Slawomir Czarko | 2016-03-14 13:00:24 UTC | CC | slawomir | |
| Huzaifa S. Sidhpurwala | 2016-03-29 03:48:57 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected | impact=moderate,public=20160308,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=wontfix,rhel-6/nss=defer,rhel-7/nss=defer,fedora-all/nss=affected |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:46:20 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=wontfix,rhel-6/nss=defer,rhel-7/nss=defer,fedora-all/nss=affected | impact=moderate,public=20160308,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:27 UTC | Depends On | 1323648 | |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:35 UTC | Depends On | 1323649 | |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:40 UTC | Depends On | 1323650 | |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:48 UTC | Depends On | 1323651 | |
| Huzaifa S. Sidhpurwala | 2016-04-04 10:48:54 UTC | Depends On | 1323652 | |
| Huzaifa S. Sidhpurwala | 2016-04-05 05:51:19 UTC | Doc Text | A use-after-free flaw was found in way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send specially-crafted handshake message to cause an application linked against NSS to crash or under some special conditions execute arbitrary code, using the permissions of the user running the application. | |
| Martin Prpič | 2016-04-05 07:52:20 UTC | Doc Text | A use-after-free flaw was found in way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send specially-crafted handshake message to cause an application linked against NSS to crash or under some special conditions execute arbitrary code, using the permissions of the user running the application. | A use-after-free flaw was found in way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. |
| Martin Prpič | 2016-04-05 08:29:33 UTC | Doc Text | A use-after-free flaw was found in way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. | A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. |
| Martin Prpič | 2016-04-05 12:02:29 UTC | Doc Text | A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. | A use-after-free flaw was found in the way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. |
| Product Security DevOps Team | 2019-06-08 02:49:30 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-06-08 02:49:30 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:45:56 UTC | Whiteboard | impact=moderate,public=20160308,reported=20160308,source=mozilla,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-5/nss=affected,rhel-6/nss=affected,rhel-7/nss=affected,fedora-all/nss=affected |
Back to bug 1315565