CVE-2020-12401

MEDIUM4.7

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data

Published Oct 8, 2020

Modified 1 years ago

Fix available

Details

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Affected Packages

Firefox

Ubuntu 14.04 LTSUbuntu 16.04 LTSUbuntu 18.04 LTSUbuntu 20.04 LTSUbuntu 22.04 LTS

Fixed in:

80

Mozilla Firefox

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

80

References

WEB

https://bugzilla.mozilla.org/show_bug.cgi?id=1631573