Oval Definition:	oval:org.cisecurity:def:1071
Revision Date: 2016-09-23 Version: 13 Title: Use-after-free during processing of DER encoded keys in NSS - CVE-2016-1979 Description: Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2016-1979 Platform(s): Microsoft Windows 10 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP Product(s): Mozilla Firefox Mozilla Thunderbird Definition Synopsis Mozilla Firefox Mainline release is installed + version Mozilla Firefox Mainline release is installed AND Check if Mozilla Firefox Mainline version less than 45.0 OR Mozilla Firefox ESR release is installed + version Mozilla Firefox ESR is installed AND Check if Mozilla Firefox ESR version less than 38.8 OR Mozilla Thunderbird Mainline release is installed + version Mozilla Thunderbird Mainline release is installed AND Check if Mozilla Thunderbird Mainline version less than 45.0 OR Mozilla Thunderbird ESR release is installed + version Mozilla Thunderbird ESR is installed AND Check if Mozilla Thunderbird ESR version less than 38.8
BACK