Vulnerabilities > CVE-2020-12401 - Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1631573
- https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html
- https://www.mozilla.org/security/advisories/mfsa2020-36/
- https://www.mozilla.org/security/advisories/mfsa2020-39/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1631573
- https://www.mozilla.org/security/advisories/mfsa2020-39/
- https://www.mozilla.org/security/advisories/mfsa2020-36/
- https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html