Vulnerabilities > CVE-2020-6829 - Unspecified vulnerability in Mozilla Firefox

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mozilla

NVD

Published: 2020-10-28

Updated: 2023-02-20

Summary

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox * Mozilla Firefox 14.0 Mozilla Firefox 15.0 Mozilla Firefox 16.0 Mozilla Firefox 17.0 Mozilla Firefox 18.0 Mozilla Firefox 19.0 Mozilla Firefox 21.0 Mozilla Firefox 22.0 Mozilla Firefox 24.0 Mozilla Firefox 24.1 Mozilla Firefox 25.0	12

Summary

Vulnerable Configurations

References