Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-12399

Опубликовано: 09 июл. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 1.2
CVSS3: 4.4

Описание

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

РелизСтатусПримечание
bionic

released

77.0.1+build1-0ubuntu0.18.04.1
devel

released

77.0.1+build1-0ubuntu1
eoan

released

77.0.1+build1-0ubuntu0.19.10.1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

77.0.1+build1-0ubuntu0.20.04.1
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

upstream

released

77.0

Показывать по

РелизСтатусПримечание
bionic

released

2:3.35-2ubuntu2.8
devel

released

2:3.49.1-1ubuntu2
eoan

released

2:3.45-1ubuntu2.3
esm-infra-legacy/trusty

released

2:3.28.4-0ubuntu0.14.04.5+esm5
esm-infra/bionic

released

2:3.35-2ubuntu2.8
esm-infra/focal

released

2:3.49.1-1ubuntu1.1
esm-infra/xenial

released

2:3.28.4-0ubuntu0.16.04.11
focal

released

2:3.49.1-1ubuntu1.1
precise/esm

not-affected

2:3.28.4-0ubuntu0.12.04.8
trusty

ignored

end of standard support

Показывать по

РелизСтатусПримечание
bionic

released

1:68.10.0+build1-0ubuntu0.18.04.1
devel

released

1:68.9.0+build1-0ubuntu1
eoan

released

1:68.10.0+build1-0ubuntu0.19.10.1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

released

1:68.10.0+build1-0ubuntu0.20.04.1
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

upstream

released

68.9.0

Показывать по

Ссылки на источники

EPSS

Процентиль: 28%
0.00101
Низкий

1.2 Low

CVSS2

4.4 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-12399

CVSS3: 4.4
redhat
больше 5 лет назад

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

nvd логотип

CVE-2020-12399

CVSS3: 4.4
nvd
больше 5 лет назад

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

debian логотип

CVE-2020-12399

CVSS3: 4.4
debian
больше 5 лет назад

NSS has shown timing differences when performing DSA signatures, which ...

github логотип

GHSA-fq62-4j88-qq7x

github
больше 3 лет назад

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

fstec логотип

BDU:2021-00099

CVSS3: 3.7
fstec
больше 5 лет назад

Уязвимость подписи DSA веб-браузеров программного обеспечения Firefox, Firefox-esr и Thunderbird, связанная с раскрытием информации в результате расхождений, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 28%
0.00101
Низкий

1.2 Low

CVSS2

4.4 Medium

CVSS3