Mozilla Foundation Security Advisory 2016-07

Errors in mp_div and mp_exptmod cryptographic functions in NSS

Announced
January 26, 2016
Reporter
Hanno Böck
Impact
High
Products
Firefox, Firefox ESR, NSS
Fixed in
  • Firefox 44
  • Firefox ESR 38.8
  • NSS 3.19.2.4
  • NSS 3.21

Description

Security researcher Hanno Böck reported that calculations with mp_div and mp_exptmod in Network Security Services (NSS) can produce wrong results in some circumstances. These functions are used within NSS for a variety of cryptographic division functions, leading to potential cryptographic weaknesses.

References