CVE-2020-12399
MEDIUM4.4EPSS 0.09%firefox-esr - security update
Published: 7/9/2020Modified: 4/28/2026
Also known as:DEBIAN-CVE-2020-12399
Description
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Affected packages (6)
- Debian/firefox-esrfrom 0, < 68.9.0esr-1
- Debian/firefox-esrfrom 0, < 68.9.0esr-1~deb8u2
- Debian/firefox-esrfrom 0, < 68.9.0esr-1~deb9u1
- Debian/nssfrom 0, < 2:3.53-1
- Debian/nssfrom 0, < 2:3.26-1+debu8u11
- Debian/thunderbirdfrom 0, < 1:68.9.0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.4 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N |