CVE-2020-12401
CVSS v3.1
4.7 (Medium)
CVSS v2.0
1.9 (Low)
EPSS
0.05 % (18th)
Affected Products
1
Advisories
13
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Weaknesses
- CWE-203
- Observable Discrepancy
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-10-08 14:15:11
(3 years ago) - Updated Date
-
2023-02-20 17:15:11
(19 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...