PT-2023-7972 · Mozilla+9 · Firefox+9

George Pantela

Published

2023-12-19

Updated

2025-03-21

CVE-2023-6135

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 121

Description The issue is related to a side-channel attack known as "Minerva" that affects multiple NSS NIST curves, potentially allowing an attacker to recover the private key. This could lead to the disclosure of confidential information. The attack can be exploited by a remote attacker.

Recommendations For versions prior to 121, update to version 121 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

Exploit

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

ALSA-2024:0786

ALSA-2024:0790

ALT-PU-2023-8231

ALT-PU-2024-13898

ALT-PU-2024-15839

ALT-PU-2024-15840

BDU:2023-09056

CESA-2024_0786

CVE-2023-6135

ECHO-BE87-B95E-603F

OESA-2025-1322

OESA-2025-1323

OPENSUSE-SU-2024:13531-1

OPENSUSE-SU-2024:14572-1

RHSA-2024:0785

RHSA-2024:0786

RHSA-2024:0790

RHSA-2024:0791

RHSA-2024_0786

RHSA-2024_0790

RLSA-2024:0786

USN-6562-1

USN-6562-2

USN-6727-1

USN-6727-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Firefox

Red Hat

Rocky Linux

Ubuntu

PT-2023-7972 · Mozilla+9 · Firefox+9

CVE-2023-6135

Weakness Enumeration

Related Identifiers

Affected Products

References · 1973