CVE-2020-12399
MEDIUM4.4EPSS 0.09%firefox-esr - security update
發布日:2020/7/9修改日:2026/4/28
也稱為:DEBIAN-CVE-2020-12399
描述
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
受影響套件(6)
- Debian/firefox-esrfrom 0, < 68.9.0esr-1
- Debian/firefox-esrfrom 0, < 68.9.0esr-1~deb8u2
- Debian/firefox-esrfrom 0, < 68.9.0esr-1~deb9u1
- Debian/nssfrom 0, < 2:3.53-1
- Debian/nssfrom 0, < 2:3.26-1+debu8u11
- Debian/thunderbirdfrom 0, < 1:68.9.0-1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.4 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N |