Vulnerabilities > CVE-2020-12400 - Information Exposure Through Discrepancy vulnerability in Mozilla Firefox

047910
CVSS 4.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
high complexity
mozilla
CWE-203

Summary

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Vulnerable Configurations

Part Description Count
Application
Mozilla
504

Common Weakness Enumeration (CWE)