VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-n7zq-kjfr-kfd3

Vulnerability ID	VCID-n7zq-kjfr-kfd3
Aliases	CVE-2016-1950
Summary	Security researcher Francis Gabriel of Quarkslab reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user. This issue has been addressed in the NSS releases shipping on affected Mozilla products:
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
epss	0.01752	https://api.first.org/data/v1/epss?cve=CVE-2016-1950
cvssv2	6.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2016-35

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-1950
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1310509		https://bugzilla.redhat.com/show_bug.cgi?id=1310509
CVE-2016-1950		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950
mfsa2016-35		https://www.mozilla.org/en-US/security/advisories/mfsa2016-35
RHSA-2016:0370		https://access.redhat.com/errata/RHSA-2016:0370
RHSA-2016:0371		https://access.redhat.com/errata/RHSA-2016:0371
RHSA-2016:0495		https://access.redhat.com/errata/RHSA-2016:0495
USN-2917-1		https://usn.ubuntu.com/2917-1/
USN-2924-1		https://usn.ubuntu.com/2924-1/
USN-2934-1		https://usn.ubuntu.com/2934-1/

No exploits are available.

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:10:15.348805+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2016/mfsa2016-35.md	37.0.0