CVE-2020-12399

Summary

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 68.9.0affected
MozillaFirefoxunspecified < 77affected
MozillaFirefox ESRunspecified < 68.9affected

Weaknesses

  • Timing attack on DSA signatures in NSS library

ADP Enrichment

CVE Program Container

Additional References

References