PT-2023-7972 · Mozilla+9 · Firefox+9

George Pantela

Publicado

2023-12-19

Atualizado

2025-03-21

CVE-2023-6135

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 121

Description The issue is related to a side-channel attack known as "Minerva" that affects multiple NSS NIST curves, potentially allowing an attacker to recover the private key. This could lead to the disclosure of confidential information. The attack can be exploited by a remote attacker.

Recommendations For versions prior to 121, update to version 121 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

Exploit

Correção

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-203

Identificadores relacionados

ALSA-2024:0786

ALSA-2024:0790

ALT-PU-2023-8231

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-15840

BDU:2023-09056

CESA-2024_0786

CVE-2023-6135

ECHO-BE87-B95E-603F

OESA-2025-1322

OESA-2025-1323

OPENSUSE-SU-2024:13531-1

OPENSUSE-SU-2024:14572-1

RHSA-2024:0785

RHSA-2024:0786

RHSA-2024:0790

RHSA-2024:0791

RHSA-2024_0786

RHSA-2024_0790

RLSA-2024:0786

USN-6562-1

USN-6562-2

USN-6727-1

USN-6727-2

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Firefox

Red Hat

Rocky Linux

Ubuntu

PT-2023-7972 · Mozilla+9 · Firefox+9

CVE-2023-6135

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1973