CVE-2020-6829
Published: 2020-10-28
Priority: P4 (medium) · CVSS 3.1 base score 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.45% (70.2th percentile)
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electromagnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Affected (20 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 80.0-1 (sid) | firefox 80.0-1 (sid) |
| debian | nss | < firefox 80.0-1 (sid) | firefox 80.0-1 (sid) |
| mozilla | firefox | < 80.0 | 80.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.16.04.1 | 80.0+build2-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.16.04.1 | 80.0.1+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.18.04.1 | 80.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.18.04.1 | 80.0.1+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.20.04.1 | 80.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.20.04.1 | 80.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 80 | 80 |
| mozilla | firefox_for_android | >= unspecified < 80 | 80 |
| mozilla | nss | >= 0 < 2:3.55-1 | 2:3.55-1 |
| mozilla | nss | >= 0 < 2:3.55-1 | 2:3.55-1 |
| mozilla | nss | >= 0 < 2:3.55-1 | 2:3.55-1 |
| mozilla | nss | >= 0 < 2:3.55-1 | 2:3.55-1 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.16.04.13 | 2:3.28.4-0ubuntu0.16.04.13 |
| mozilla | nss | >= 0 < 2:3.35-2ubuntu2.11 | 2:3.35-2ubuntu2.11 |
| mozilla | nss | >= 0 < 2:3.49.1-1ubuntu1.4 | 2:3.49.1-1ubuntu1.4 |
| mozilla | nss | >= 0 < 2:3.28.4-0ubuntu0.14.04.5+esm7 | 2:3.28.4-0ubuntu0.14.04.5+esm7 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | 5.3 | MEDIUM | |
| vendor_oracle | 7.5 | HIGH | |
| vendor_debian | 5.3 | MEDIUM | |
| vendor_redhat | 5.3 | MEDIUM | |
| vendor_ubuntu | 4.7 | MEDIUM | |
GHSA
GHSA-cc99-55qg-f87r [MEDIUM] · ghsa_unreviewed · 2022-05-24
OSV
CVE-2020-6829 [MEDIUM] · osv · 2020-10-28 · CVSS 5.3
OSV
firefox regressions [MEDIUM] · osv · 2020-09-03 · CVSS 4.7
USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user into installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-
OSV
CVE-2020-15664 [MEDIUM] firefox vulnerabilities · osv · 2020-08-26 · CVSS 4.7
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user into installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. (CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
A data race was discovered when importing certificate information into the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668)
OSV
CVE-2020-12400 [MEDIUM] nss vulnerabilities · osv · 2020-08-10 · CVSS 4.7
It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
Ubuntu
Firefox regressions [MEDIUM] · vendor_ubuntu · 2020-09-03 · CVSS 4.7
Summary: USN-4474-1 caused some minor regressions in Firefox.
Ubuntu
CVE-2020-15666 [MEDIUM] Firefox vulnerabilities · vendor_ubuntu · 2020-08-26 · CVSS 4.7
Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website.
Ubuntu
CVE-2020-12400 [MEDIUM] NSS vulnerabilities · vendor_ubuntu · 2020-08-10 · CVSS 4.7
Summary: Several security issues were fixed in NSS.
Instructions: After a standard system update you need to reboot your computer to make all the necessary changes.
Red Hat
CVE-2020-6829 [MEDIUM] CWE-327 nss: Side channel attack on ECDSA signature generation · vendor_redhat · 2020-06-02 · CVSS 5.3
A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while the nss-certutil tool performs scalar multiplication during ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat f
Oracle
CVE-2018-6829 [HIGH] Oracle Communications Applications Risk Matrix: General (libgcrypt) · vendor_oracle · 2020-01-15 · CVSS 7.5
Note: this record concerns CVE-2018-6829 (libgcrypt), a different identifier from CVE-2020-6829; it is the origin of the vendor_oracle 7.5 HIGH entry in the CVSS provenance above and does not describe the NSS wNAF flaw.
CVE: CVE-2018-6829
CVSS: 7.5
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2020 (JAN 2020)
Debian
CVE-2020-6829 [MEDIUM] firefox · vendor_debian · 2020 · CVSS 5.3
Scope: local
sid: resolved (fixed in 80.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-36 [MEDIUM] · vendor_mozilla · CVSS 5.3
CVE: CVE-2020-6829
Product: Firefox
Impact: high
Fixed in: Firefox 80
Mozilla
Mozilla Foundation Security Advisory 2020-39 [MEDIUM] · vendor_mozilla · CVSS 5.3
CVE: CVE-2020-6829
Product: Firefox for Android
Impact: high
Fixed in: Firefox for Android 80
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-6829 [MEDIUM] nss: Side channel attack on ECDSA signature generation [fedora-all] · bugzilla · 2020-07-31 · CVSS 5.3
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.
NOTE: this issue affects multiple supported vers
Bugzilla
CVE-2020-12400 [MEDIUM] nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function · bugzilla · 2020-07-06 · CVSS 4.7
As per the researcher:
During our analysis of several cryptographic libraries we focused on NIST curve P-256 code paths and have found that your library is potentially vulnerable because the projective to affine coordinates conversion uses a side-channel vulnerable modular inversion function.
Discussion:
Acknowledgments:
Name: the Mozilla Project
Upstream: Cesar Pereida Garcia and the Network and Information Security Group (NISEC)
---
This issue is related to CVE-2020-6829 and is resolved in the same commit at:
https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
---
Bugzilla
CVE-2020-12401 [MEDIUM] nss: ECDSA timing attack mitigation bypass · bugzilla · 2020-06-26 · CVSS 4.7
A timing attacker against ECDSA signature generation is able to obtain information about the secret nonce by measuring the time an ECDSA signature generation takes. The current NSS code path has had a countermeasure against this known attack since 2011. However, it was found that said countermeasure could be completely bypassed. This is a different flaw from CVE-2020-6829.
Discussion:
Acknowledgments:
Name: the Mozilla Project
Upstream: Cesar Pereida Garcia and the Network and Information Security Group (NISEC)
---
Upstream patch: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573
---
External References:
https://developer.mozilla.org/en-US/docs/Moz
Bugzilla
CVE-2020-6829 [MEDIUM] nss: Side channel attack on ECDSA signature generation · bugzilla · 2020-04-21 · CVSS 4.7
Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key.
Discussion:
OpenShift 4.x only packages nss-altfiles and has been confirmed to *not* share any of the vulnerable signature code:
- nss-altfiles only reads information from files in the same format as /etc/passwd and /etc/group.
---
Acknowledgments:
Name: the Mozilla Project
Upstream: Cesar Pereida (Network and Information Security Group (NISEC), Billy Bob Brumley (Network and Infor
References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1631583
- https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html
- https://www.mozilla.org/security/advisories/mfsa2020-36/
- https://www.mozilla.org/security/advisories/mfsa2020-39/