CVE-2016-9074 Information

Feb 14, 2021 cve

Description

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird 45.5 Firefox ESR 45.5 and Firefox 50.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/94341 http://www.securitytracker.com/id/1037298 https://bugzilla.mozilla.org/show_bug.cgi?id=1293334 https://security.gentoo.org/glsa/201701-15 https://security.gentoo.org/glsa/201701-46 https://www.debian.org/security/2016/dsa-3730 https://www.mozilla.org/security/advisories/mfsa2016-89/ https://www.mozilla.org/security/advisories/mfsa2016-90/ https://www.mozilla.org/security/advisories/mfsa2016-93/

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.9

Share on: