PT-2020-5323 · Mozilla+8 · Firefox+10

Cesar Pereida Garcia · Published 2020-05-21 · Updated 2024-12-12 · CVE-2020-12399

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Firefox ESR versions prior to 68.9.0
Firefox versions prior to 77
Thunderbird versions prior to 68.9.0

Description

The issue is a timing side channel in DSA signature generation in the affected web browsers and mail client, which can lead to information disclosure through an observable timing discrepancy. The vulnerability is due to timing differences when performing DSA signatures, which can eventually leak private keys. Exploitation of this issue may allow an attacker to access confidential data.

Recommendations

For Firefox ESR versions prior to 68.9.0, update to version 68.9.0 or later.
For Firefox versions prior to 77, update to version 77 or later.
For Thunderbird versions prior to 68.9.0, update to version 68.9.0 or later.

Side Channel Attack

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2084
ALT-PU-2020-2092
ALT-PU-2020-2102
ALT-PU-2020-2126
ALT-PU-2020-2127
ALT-PU-2020-2150
ALT-PU-2020-2408
ALT-PU-2020-2932
ALT-PU-2020-2933
ALT-PU-2020-3442
ALT-PU-2021-1367
ALT-PU-2021-1368
ALT-PU-2021-3368
BDU:2021-00099
CESA-2020_3280
CVE-2020-12399
DLA-2243-1
DLA-2247-1
DLA-2266-1
DLA-2388-1
DSA-4695-1
DSA-4702-1
DSA-4726-1
OPENSUSE-SU-2020:0854-1
OPENSUSE-SU-2020_0854-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:11058-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:3280
RHSA-2020_3280
RLSA-2020:3280
SUSE-SU-2020:14418-1
SUSE-SU-2020:1677-1
SUSE-SU-2020:1839-1
USN-4383-1
USN-4397-1
USN-4397-2
USN-4421-1

Affected Products

Alt Linux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu