ALT-PU-2020-2126-1
Closed vulnerabilities
Published: 2020-06-02
BDU:2021-00099
Уязвимость подписи DSA веб-браузеров программного обеспечения Firefox, Firefox-esr и Thunderbird, связанная с раскрытием информации в результате расхождений, позволяющая нарушителю получить доступ к конфиденциальным данным
Severity: LOW (3.7)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
Published: 2020-07-09
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-12399
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Severity: MEDIUM (4.4)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1631576
- [debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update
- GLSA-202007-49
- USN-4421-1
- DSA-4726
- https://www.mozilla.org/security/advisories/mfsa2020-20/
- https://www.mozilla.org/security/advisories/mfsa2020-21/
- https://www.mozilla.org/security/advisories/mfsa2020-22/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1631576
- https://www.mozilla.org/security/advisories/mfsa2020-22/
- https://www.mozilla.org/security/advisories/mfsa2020-21/
- https://www.mozilla.org/security/advisories/mfsa2020-20/
- DSA-4726
- USN-4421-1
- GLSA-202007-49
- [debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update