Mozilla Foundation Security Advisory 2016-07
Errors in mp_div and mp_exptmod cryptographic functions in NSS
- Announced
- January 26, 2016
- Reporter
- Hanno Böck
- Impact
- High
- Products
- Firefox, Firefox ESR, NSS
- Fixed in
- 
        - Firefox 44
- Firefox ESR 38.8
- NSS 3.19.2.4
- NSS 3.21
 
Description
Security researcher Hanno Böck reported that calculations with
mp_div and mp_exptmod in Network Security Services (NSS) can
produce wrong results in some circumstances. These functions are used within NSS for a
variety of cryptographic division functions, leading to potential cryptographic
weaknesses.