Severity: 4.7 MEDIUM
EPSS: 0.1% (top 64.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 8 | Latest update May 24

Description

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.0 | Impact: 3.6

Affected Packages (5 packages)

CVEListV5 | mozilla/firefox_for_android | unspecified | 80
CVEListV5 | mozilla/firefox | unspecified | 80
NVD | mozilla/firefox | < 80.0
Debian | nss | < 2:3.55-1+3
Ubuntu | nss | < 2:3.28.4-0ubuntu0.16.04.13+3

🔴 Vulnerability Details

6
GHSA | GHSA-38vr-4p57-8h9g: When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based | 2022-05-24
OSV | CVE-2020-12400: When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based | 2020-10-08
CVEList | CVE-2020-12400: When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based | 2020-10-08
OSV | firefox regressions | 2020-09-03
OSV | firefox vulnerabilities | 2020-08-26

📋 Vendor Advisories

6
Ubuntu | Firefox vulnerabilities | 2020-08-26
Ubuntu | NSS vulnerabilities | 2020-08-10
Red Hat | nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | 2020-07-28
Debian | CVE-2020-12400: firefox - When converting coordinates from projective to affine, the modular inversion was... | 2020
Mozilla | Mozilla Foundation Security Advisory 2020-39: CVE-2020-12400

💬 Community

2
Bugzilla | CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function [fedora-all] | 2020-07-31
Bugzilla | CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function | 2020-07-06