Описание
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 80.0+build2-0ubuntu0.18.04.1 |
| devel | released | 80.0.1+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 80.0+build2-0ubuntu0.20.04.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 80 |
| xenial | released | 80.0+build2-0ubuntu0.16.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:3.35-2ubuntu2.11 |
| devel | released | 2:3.55-1ubuntu1 |
| esm-infra-legacy/trusty | released | 2:3.28.4-0ubuntu0.14.04.5+esm7 |
| esm-infra/bionic | released | 2:3.35-2ubuntu2.11 |
| esm-infra/focal | released | 2:3.49.1-1ubuntu1.4 |
| esm-infra/xenial | released | 2:3.28.4-0ubuntu0.16.04.13 |
| focal | released | 2:3.49.1-1ubuntu1.4 |
| precise/esm | not-affected | 2:3.28.4-0ubuntu0.12.04.10 |
| trusty | ignored | end of standard support |
| trusty/esm | released | 2:3.28.4-0ubuntu0.14.04.5+esm7 |
Показывать по
Ссылки на источники
1.2 Low
CVSS2
4.7 Medium
CVSS3
Связанные уязвимости
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
When converting coordinates from projective to affine, the modular inv ...
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Уязвимость функции модульной инверсии набора библиотек NSS (Network Security Services), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
1.2 Low
CVSS2
4.7 Medium
CVSS3