Mozilla Foundation Security Advisory 2016-07

Errors in mp_div and mp_exptmod cryptographic functions in NSS

Announced

January 26, 2016

Reporter

Hanno Böck

Impact

High

Products

Firefox, Firefox ESR, NSS

Fixed in

Firefox 44
Firefox ESR 38.8
NSS 3.19.2.4
NSS 3.21

Description

Security researcher Hanno Böck reported that calculations with mp_div and mp_exptmod in Network Security Services (NSS) can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to potential cryptographic weaknesses.

References

mp_div and mp_exptmod sometimes produce wrong calculation results (CVE-2016-1938)

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Impact

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2016-07

Errors in mp_div and mp_exptmod cryptographic functions in NSS

Description

References