ID |
CVE-2020-6829
|
Summary |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*
-
cpe:2.3:a:mozilla:firefox:14.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:14.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:15.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:15.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:16.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:16.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:17.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:18.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:18.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:21.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:22.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:24.0:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:24.1:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:24.1:*:*:*:*:-:*:*
-
cpe:2.3:a:mozilla:firefox:25.0:*:*:*:*:-:*:*
cpe:2.3:a:mozilla:firefox:25.0:*:*:*:*:-:*:*
|
CVSS |
Base: | 5.0 (as of 20-02-2023 - 17:15) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
redhat
via4
|
advisories | bugzilla | id | 1870885 | title | KDF-self-tests-induced changes for nss in RHEL 7.9 |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 7 is installed | oval | oval:com.redhat.rhba:tst:20150364027 |
OR | AND | comment | nspr is earlier than 0:4.25.0-2.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076001 |
comment | nspr is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364002 |
|
AND | comment | nspr-devel is earlier than 0:4.25.0-2.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076003 |
comment | nspr-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364004 |
|
AND | comment | nss-util is earlier than 0:3.53.1-1.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076005 |
comment | nss-util is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364016 |
|
AND | comment | nss-util-devel is earlier than 0:3.53.1-1.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076007 |
comment | nss-util-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364018 |
|
AND | comment | nss is earlier than 0:3.53.1-3.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076009 |
comment | nss is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364006 |
|
AND | comment | nss-devel is earlier than 0:3.53.1-3.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076011 |
comment | nss-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364008 |
|
AND | comment | nss-pkcs11-devel is earlier than 0:3.53.1-3.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076013 |
comment | nss-pkcs11-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364010 |
|
AND | comment | nss-sysinit is earlier than 0:3.53.1-3.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076015 |
comment | nss-sysinit is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364012 |
|
AND | comment | nss-tools is earlier than 0:3.53.1-3.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076017 |
comment | nss-tools is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364014 |
|
AND | comment | nss-softokn is earlier than 0:3.53.1-6.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076019 |
comment | nss-softokn is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364020 |
|
AND | comment | nss-softokn-devel is earlier than 0:3.53.1-6.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076021 |
comment | nss-softokn-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364022 |
|
AND | comment | nss-softokn-freebl is earlier than 0:3.53.1-6.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076023 |
comment | nss-softokn-freebl is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364024 |
|
AND | comment | nss-softokn-freebl-devel is earlier than 0:3.53.1-6.el7_9 | oval | oval:com.redhat.rhsa:tst:20204076025 |
comment | nss-softokn-freebl-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20150364026 |
|
|
|
|
| rhsa | id | RHSA-2020:4076 | released | 2020-09-29 | severity | Moderate | title | RHSA-2020:4076: nss and nspr security, bug fix, and enhancement update (Moderate) |
|
| rpms | - nspr-0:4.25.0-2.el7_9
- nspr-debuginfo-0:4.25.0-2.el7_9
- nspr-devel-0:4.25.0-2.el7_9
- nss-0:3.53.1-3.el7_9
- nss-debuginfo-0:3.53.1-3.el7_9
- nss-devel-0:3.53.1-3.el7_9
- nss-pkcs11-devel-0:3.53.1-3.el7_9
- nss-softokn-0:3.53.1-6.el7_9
- nss-softokn-debuginfo-0:3.53.1-6.el7_9
- nss-softokn-devel-0:3.53.1-6.el7_9
- nss-softokn-freebl-0:3.53.1-6.el7_9
- nss-softokn-freebl-devel-0:3.53.1-6.el7_9
- nss-sysinit-0:3.53.1-3.el7_9
- nss-tools-0:3.53.1-3.el7_9
- nss-util-0:3.53.1-1.el7_9
- nss-util-debuginfo-0:3.53.1-1.el7_9
- nss-util-devel-0:3.53.1-1.el7_9
|
|
refmap
via4
|
|
Last major update |
20-02-2023 - 17:15 |
Published |
28-10-2020 - 12:15 |
Last modified |
20-02-2023 - 17:15 |