CVE-2016-9574
SUSE Security Advisory - SUSE-SU-2017:1175-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
nss en versiones anteriores a la 3.30 es vulnerable a una denegación de servicio (DoS) remota durante el handshake de sesión al emplear la extensión SessionTicket y ECDHE-ECDSA.
An update that fixes 29 vulnerabilities is now available. Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox code Firefox ESR 45.9, and Firefox ESR 52.1 XSLT processing processing Graphite 2 in the editor manipulation are sent with incorrect data application/http-index-format content application/http-index-format content destructor during XSLT processing events Mozilla NSS was updated to 3.29.5, bringing new features and fixing bugs.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-23 CVE Reserved
- 2017-05-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-325: Missing Cryptographic Step
- CWE-384: Session Fixation
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1320695 | 2024-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Network Security Services Search vendor "Mozilla" for product "Network Security Services" | < 3.30 Search vendor "Mozilla" for product "Network Security Services" and version " < 3.30" | - |
Affected
|