{"id":"CVE-2016-9074","details":"An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird \u003c 45.5, Firefox ESR \u003c 45.5, and Firefox \u003c 50.","modified":"2026-04-16T01:40:20.861052785Z","published":"2018-06-11T21:29:01.497Z","related":["SUSE-SU-2016:3014-1","SUSE-SU-2016:3080-1","SUSE-SU-2016:3105-1","openSUSE-SU-2024:10071-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94341"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1037298"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-15"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-46"},{"type":"ADVISORY","url":"https://www.debian.org/security/2016/dsa-3730"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"45.5.0"}]},{"events":[{"introduced":"0"},{"fixed":"50.0"}]},{"events":[{"introduced":"0"},{"fixed":"45.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9074.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}