Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-12399

Опубликовано: 09 июл. 2020
Источник: debian
EPSS Низкий

Описание

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed77.0-1package
firefox-esrfixed68.9.0esr-1package
nssfixed2:3.53-1package
thunderbirdfixed1:68.9.0-1package

Примечания

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (non-public)

  • Fixed by: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399

EPSS

Процентиль: 28%
0.00101
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-12399

CVSS3: 4.4
ubuntu
больше 5 лет назад

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

redhat логотип

CVE-2020-12399

CVSS3: 4.4
redhat
больше 5 лет назад

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

nvd логотип

CVE-2020-12399

CVSS3: 4.4
nvd
больше 5 лет назад

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

github логотип

GHSA-fq62-4j88-qq7x

github
больше 3 лет назад

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

fstec логотип

BDU:2021-00099

CVSS3: 3.7
fstec
больше 5 лет назад

Уязвимость подписи DSA веб-браузеров программного обеспечения Firefox, Firefox-esr и Thunderbird, связанная с раскрытием информации в результате расхождений, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 28%
0.00101
Низкий