CVE-2016-9074

Summary

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 45.5affected
MozillaFirefox ESRunspecified < 45.5affected
MozillaFirefoxunspecified < 50affected

Weaknesses

  • Insufficient timing side-channel resistance in divSpoiler

ADP Enrichment

CVE Program Container

Additional References

References