Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-6829

Опубликовано: 28 окт. 2020
Источник: debian
EPSS Низкий

Описание

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed80.0-1package
nssfixed2:3.55-1package

Примечания

  • https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c

  • https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0

  • https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes

  • Issue relates to CVE-2020-12400 and resolved in the same commits.

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-6829

EPSS

Процентиль: 46%
0.00236
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-6829

CVSS3: 5.3
ubuntu
около 5 лет назад

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

redhat логотип

CVE-2020-6829

CVSS3: 4.4
redhat
больше 5 лет назад

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

nvd логотип

CVE-2020-6829

CVSS3: 5.3
nvd
около 5 лет назад

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

github логотип

GHSA-cc99-55qg-f87r

CVSS3: 5.3
github
больше 3 лет назад

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

fstec логотип

BDU:2020-03953

CVSS3: 9
fstec
больше 5 лет назад

Уязвимость компонента Knowledge Management программной интеграционной платформы SAP NetWeaver, позволяющая нарушителю осуществить межсайтовые сценарные атаки

EPSS

Процентиль: 46%
0.00236
Низкий