CVE-2020-12399

CVSS v3.1 4.4 (Medium)

CVSS v2.0 1.2 (Low)

EPSS 0.06 % (28^th)

Affected Products 4

Advisories 19

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Weaknesses

CWE-203: Observable Discrepancy

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-07-09 15:15:10
(4 years ago)
Updated Date: 2022-01-04 16:38:55
(2 years ago)

Affected Products

Debian

Debian Linux

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 77.0 version	cpe:2.3:a:mozilla:firefox	< 77.0
Mozilla Firefox Esr prior 68.9.0 version	cpe:2.3:a:mozilla:firefox_esr	< 68.9.0
Mozilla Thunderbird prior 68.9.0 version	cpe:2.3:a:mozilla:thunderbird	< 68.9.0

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0