CVE-2020-12399 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Private key recovery |
| Description | NSS before 3.52.1, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1179 | thunderbird | 68.8.1-1 | 68.9.0-1 | High | Fixed | |
| AVG-1173 | firefox | 76.0.1-1 | 77.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 06 Jun 2020 | ASA-202006-4 | AVG-1179 | thunderbird | High | multiple issues |
| 02 Jun 2020 | ASA-202006-1 | AVG-1173 | firefox | High | multiple issues |