CVE-2016-1950

Name	CVE-2016-1950
Description	Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-480-1, DSA-3510-1, DSA-3520-1, DSA-3688-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
firefox (PTS)	sid	132.0.2-1	fixed
firefox-esr (PTS)	jessie, jessie (lts)	68.9.0esr-1~deb8u2	fixed
	stretch (security), stretch (lts), stretch	91.11.0esr-1~deb9u1	fixed
	buster (security), buster, buster (lts)	115.12.0esr-1~deb10u1	fixed
	bullseye	115.14.0esr-1~deb11u1	fixed
	bullseye (security)	128.4.0esr-1~deb11u1	fixed
	bookworm	128.3.1esr-1~deb12u1	fixed
	bookworm (security)	128.4.0esr-1~deb12u1	fixed
	sid, trixie	128.4.0esr-1	fixed
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed
nss (PTS)	jessie, jessie (lts)	2:3.26-1+debu8u19	fixed
	stretch (security)	2:3.26.2-1.1+deb9u5	fixed
	stretch (lts), stretch	2:3.26.2-1.1+deb9u8	fixed
	buster, buster (lts)	2:3.42.1-1+deb10u9	fixed
	buster (security)	2:3.42.1-1+deb10u8	fixed
	bullseye	2:3.61-1+deb11u3	fixed
	bullseye (security)	2:3.61-1+deb11u4	fixed
	bookworm	2:3.87.1-1	fixed
	bookworm (security)	2:3.87.1-1+deb12u1	fixed
	trixie	2:3.105-2	fixed
	sid	2:3.106-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
firefox	source	(unstable)	45.0-1
firefox-esr	source	(unstable)	45.0esr-1
icedove	source	wheezy	38.7.0-1~deb7u1	DSA-3520-1
icedove	source	jessie	38.7.0-1~deb8u1	DSA-3520-1
icedove	source	(unstable)	38.7.0-1
iceweasel	source	wheezy	38.7.0esr-1~deb7u1	DSA-3510-1
iceweasel	source	jessie	38.7.0esr-1~deb8u1	DSA-3510-1
iceweasel	source	(unstable)	(unfixed)
nss	source	wheezy	2:3.14.5-1+deb7u6	DLA-480-1
nss	source	jessie	2:3.26-1+debu8u1	DSA-3688-1
nss	source	(unstable)	2:3.23-1

https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/
NSS fixed in 3.21.1