ALPINE-CVE-2020-12400

ALPINE-CVE-2020-12400 PUBLISHED CVSS 4.699999809265137 MEDIUM

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Risk Scores

CVSS v3.1

4.699999809265137

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.21	nss	3.12.11-r1, 3.54-r0, 3.53.1-r0
Alpine:v3.19	nss	3.54-r0, 3.12.11-r1, 3.12.7-r0
Alpine:v3.23	nss	3.20-r0, 3.53.1-r0, 3.52.1-r0
Alpine:v3.12	nss	3.12.10-r0, 3.54-r0, 3.53.1-r0
Alpine:v3.20	nss	3.17.1-r0, 3.12.11-r0, 3.12.11-r1
Alpine:v3.22	nss	3.54-r0, 3.53.1-r0, 3.52.1-r0

Timeline

Oct 8, 2020 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2020-12400 advisory

Open in Interactive Console →