---

CVE-2020-12399 - log back

CVE-2020-12399 edited at 05 Jun 2020 13:56:15
Description	- NSS, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. + NSS before 3.52.1, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.
References	https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/ https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 + https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e + https://bugzilla.mozilla.org/show_bug.cgi?id=1631576

CVE-2020-12399 edited at 05 Jun 2020 13:54:35
Description	- NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. + NSS, as used in Firefox before 77.0 and Thunderbird before 68.9.0, has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.

CVE-2020-12399 edited at 02 Jun 2020 21:29:25
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Private key recovery
Description	+ NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/ + https://bugzilla.mozilla.org/show_bug.cgi?id=1631576
Notes

CVE-2020-12399 created at 02 Jun 2020 21:22:07