Описание
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Отчет
Firefox on Red Hat Enterprise Linux is built against the system nss library.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | firefox | Not affected | ||
| Red Hat Enterprise Linux 6 | nss | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Not affected | ||
| Red Hat Enterprise Linux 8 | firefox | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | nss | Out of support scope | ||
| Red Hat OpenShift Container Platform 4 | nss-altfiles | Not affected | ||
| Red Hat Enterprise Linux 7 | nspr | Fixed | RHSA-2020:4076 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | nss | Fixed | RHSA-2020:4076 | 29.09.2020 |
| Red Hat Enterprise Linux 7 | nss-softokn | Fixed | RHSA-2020:4076 | 29.09.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
When importing a curve25519 private key in PKCS#8format with leading 0 ...
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Уязвимость библиотеки служб сетевой безопасности (NSS) почтового клиента Thunderbird и браузеров Firefox и Firefox ESR, позволяющая нарушителю получить несанкционированный доступ к информации
EPSS
7.5 High
CVSS3