PT-2020-3614 · Sap+8 · Sap Netweaver+9

Alejandro Cabrera Aldaya +6 · Published 2020-06-02 · Updated 2024-12-12 · CVE-2020-6829

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 80
Firefox for Android versions prior to 80
SAP NetWeaver (affected versions not specified)

Description

The issue is related to the use of the wNAF point multiplication algorithm during EC scalar point multiplication, which leaked partial information about the nonce used during signature generation. This allowed an attacker to compute the private key given an electromagnetic trace of a few signature generations. Additionally, there is a vulnerability in the Knowledge Management component of the SAP NetWeaver platform related to the failure to neutralize script-related HTML tags on a web page, which could enable a remote attacker to perform cross-site scripting attacks.

Recommendations

For Firefox versions prior to 80, update to version 80 or later. For Firefox for Android versions prior to 80, update to version 80 or later. For SAP NetWeaver, restrict access to the vulnerable Knowledge Management component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for the SAP NetWeaver vulnerability.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2482
ALT-PU-2020-2706
ALT-PU-2020-2932
ALT-PU-2020-3442
ALT-PU-2021-1367
ALT-PU-2021-3368
BDU:2020-03953
CESA-2020_4076
CESA-2021_0538
CVE-2020-6829
DLA-2388-1
DLA-3327-1
MGASA-2020-0318
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:11058-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:4076
RHSA-2020_4076
RHSA-2021:0538
RHSA-2021_0538
RLSA-2021:0538
SUSE-RU-2021:14818-1
SUSE-RU-2021:3115-1
SUSE-RU-2021:3115-2
SUSE-RU-2021:3116-1
USN-4455-1
USN-4474-1
USN-4474-2

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox For Android
Linuxmint
Red Hat
Rocky Linux
Sap Netweaver
Ubuntu