CVE-2020-12401
Published 2020-10-08
Priority P4 · 18 · medium · 4.7 (CVSS 3.1)
AV:L / AC:H / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.32% (24.1th percentile)
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 80.0-1 (sid) | firefox 80.0-1 (sid) |
| debian | nss | < firefox 80.0-1 (sid) | firefox 80.0-1 (sid) |
| mozilla | firefox | < 80.0 | 80.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.16.04.1 | 80.0+build2-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.16.04.1 | 80.0.1+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.18.04.1 | 80.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.18.04.1 | 80.0.1+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.20.04.1 | 80.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.20.04.1 | 80.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 80 | 80 |
| mozilla | firefox_for_android | >= unspecified < 80 | 80 |
| mozilla | nss | >= 0 < 2:3.55-1 | 2:3.55-1 |
| mozilla | nss | >= 0 < 2:3.55-1 | 2:3.55-1 |
| mozilla | nss | >= 0 < 2:3.55-1 | 2:3.55-1 |
| mozilla | nss | >= 0 < 2:3.55-1 | 2:3.55-1 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.16.04.13 | 2:3.28.4-0ubuntu0.16.04.13 |
| mozilla | nss | >= 0 < 2:3.35-2ubuntu2.11 | 2:3.35-2ubuntu2.11 |
| mozilla | nss | >= 0 < 2:3.49.1-1ubuntu1.4 | 2:3.49.1-1ubuntu1.4 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.14.04.5+esm7 | 2:3.28.4-0ubuntu0.14.04.5+esm7 |
CVSS provenance
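| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 1.9 | LOW | AV:L/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 4.7 | MEDIUM | — |
| vendor_debian | — | 4.7 | MEDIUM | — |
| vendor_redhat | — | 4.7 | MEDIUM | — |
| vendor_ubuntu | — | 4.7 | MEDIUM | — |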
GHSA
GHSA-cm2q-67xf-jw8c: During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in varia
ghsa_unreviewed·2022-05-24
CVE-2020-12401 [MEDIUM] CWE-203 GHSA-cm2q-67xf-jw8c: During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in varia
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
OSV
CVE-2020-12401: During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in varia
osv·2020-10-08·CVSS 4.7
CVE-2020-12401 [MEDIUM] CVE-2020-12401: During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in varia
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
OSV
firefox regressions
osv·2020-09-03·CVSS 4.7
[MEDIUM] firefox regressions
USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
into installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-
OSV
firefox vulnerabilities
osv·2020-08-26·CVSS 4.7
CVE-2020-15664 [MEDIUM] firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
into installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
A data race was discovered when importing certificate information into
the trust store. An attacker could potentially exploit this to cause an
unspecified impact. (CVE-2020-15668)
OSV
nss vulnerabilities
osv·2020-08-10·CVSS 4.7
CVE-2020-12400 [MEDIUM] nss vulnerabilities
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
Ubuntu
Firefox regressions
vendor_ubuntu·2020-09-03·CVSS 4.7
[MEDIUM] Firefox regressions
Title: Firefox regressions
Summary: USN-4474-1 caused some minor regressions in Firefox.
USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
into installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to ex
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-08-26·CVSS 4.7
CVE-2020-15666 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
into installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
A data race was discovered when importing certificate information in
Ubuntu
NSS vulnerabilities
vendor_ubuntu·2020-08-10·CVSS 4.7
CVE-2020-12400 [MEDIUM] NSS vulnerabilities
Title: NSS vulnerabilities
Summary: Several security issues were fixed in NSS.
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
nss: ECDSA timing attack mitigation bypass
vendor_redhat·2020-06-30·CVSS 4.7
CVE-2020-12401 [MEDIUM] CWE-327 nss: ECDSA timing attack mitigation bypass
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality.
Statement: This is a side channel attack which can u
Debian
CVE-2020-12401: firefox - During ECDSA signature generation, padding applied in the nonce designed to ensu...
vendor_debian·2020·CVSS 4.7
CVE-2020-12401 [MEDIUM] CVE-2020-12401: firefox - During ECDSA signature generation, padding applied in the nonce designed to ensu...
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Scope: local
sid: resolved (fixed in 80.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-39: CVE-2020-12401
vendor_mozilla·CVSS 4.7
CVE-2020-12401 [MEDIUM] Mozilla Foundation Security Advisory 2020-39: CVE-2020-12401
Mozilla Foundation Security Advisory 2020-39
CVE: CVE-2020-12401
Product: Firefox for Android
Impact: high
Fixed in: Firefox for Android 80
Mozilla
Mozilla Foundation Security Advisory 2020-36: CVE-2020-12401
vendor_mozilla·CVSS 4.7
CVE-2020-12401 [MEDIUM] Mozilla Foundation Security Advisory 2020-36: CVE-2020-12401
Mozilla Foundation Security Advisory 2020-36
CVE: CVE-2020-12401
Product: Firefox
Impact: high
Fixed in: Firefox 80
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-12401 nss: ECDSA timing attack mitigation bypass [fedora-all]
bugzilla·2020-07-31·CVSS 4.7
CVE-2020-12401 [MEDIUM] CVE-2020-12401 nss: ECDSA timing attack mitigation bypass [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fed
Bugzilla
CVE-2020-12401 nss: ECDSA timing attack mitigation bypass
bugzilla·2020-06-26·CVSS 4.7
CVE-2020-12401 [MEDIUM] CVE-2020-12401 nss: ECDSA timing attack mitigation bypass
A timing attacker against ECDSA signature generation is able to obtain information from the secret nonce measuring the time an ECDSA signature generation takes. Current NSS code path has a countermeasure to prevent this known attack since 2011. However it was found that said countermeasure could be completely bypassed. Different flaw from CVE-2020-6829.
Discussion:
Acknowledgments:
Name: the Mozilla Project
Upstream: Cesar Pereida Garcia and the Network and Information Security Group (NISEC)
---
Upstream patch: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573
---
External References:
https://developer.mozilla.org/en-US/docs/Moz
Bugzilla
ECDSA Timing Countermeasure Bypass
bugzilla·2020-04-20
ECDSA Timing Countermeasure Bypass
[filed from mail to security@ from Alejandro Cabrera Aldaya]
Hello
We are a research group from Tampere University, Finland.
We have been analyzing NSS regarding side-channel vulnerabilities.
We have found that current NSS ECDSA code bypasses one countermeasure used
to prevent a timing attack during signature generation.
Please, find the details of our findings in the attached report.
Best regards,
Alejandro
[timing_bypass_ecdsa_report.md attachment]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --- - - - - -
# ECDSA timing vulnerability.
A timing attacker against ECDSA signature generation is able to obtain information from the secret nonce measuring the time an ECDSA signature generation takes.
# Description
Current NSS co
https://bugzilla.mozilla.org/show_bug.cgi?id=1631573
https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html
https://www.mozilla.org/security/advisories/mfsa2020-36/
https://www.mozilla.org/security/advisories/mfsa2020-39/
Published: 2020-10-08