CVE-2020-12399 Information

Feb 14, 2021 cve

Description

NSS has shown timing differences when performing DSA signatures which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird 68.9.0 Firefox 77 and Firefox ESR 68.9.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html https://security.gentoo.org/glsa/202007-49 https://usn.ubuntu.com/4421-1/ https://www.debian.org/security/2020/dsa-4726 https://www.mozilla.org/security/advisories/mfsa2020-20/ https://www.mozilla.org/security/advisories/mfsa2020-21/ https://www.mozilla.org/security/advisories/mfsa2020-22/

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

4.4

Share on: