Medium severity6.5NVD Advisory· Published Jan 31, 2016· Updated May 6, 2026
CVE-2016-1938
CVE-2016-1938
Description
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Affected products
5Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.htmlnvdThird Party Advisory
- www.mozilla.org/security/announce/2016/mfsa2016-07.htmlnvdVendor Advisory
- www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/91787nvdThird Party AdvisoryVDB Entry
- developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notesnvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- bugzilla.mozilla.org/show_bug.cginvdIssue Tracking
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.htmlnvd
- www.debian.org/security/2016/dsa-3688nvd
- www.securityfocus.com/bid/81955nvd
- www.securitytracker.com/id/1034825nvd
- www.ubuntu.com/usn/USN-2880-1nvd
- www.ubuntu.com/usn/USN-2880-2nvd
- www.ubuntu.com/usn/USN-2903-1nvd
- www.ubuntu.com/usn/USN-2903-2nvd
- www.ubuntu.com/usn/USN-2973-1nvd
- blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.htmlnvd
- github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.cnvd
- github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.cnvd
- hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.cnvd
- security.gentoo.org/glsa/201605-06nvd
- security.gentoo.org/glsa/201701-46nvd
News mentions
0No linked articles in our index yet.