VDB

CVE-2020-12399

CVE-2020-12399 PUBLISHED

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

EPSS 0.10% · 26.8th percentile

Risk Scores

EPSS Score
0.10%
26.8th percentile

Affected Products

VendorProductVersions
Ubuntu:20.04:LTSfirefox73.0+build1-0ubuntu1, 72.0.2+build1-0ubuntu1, 71.0+build5-0ubuntu1
Ubuntu:18.04:LTSthunderbird1:60.7.0+build1-0ubuntu0.18.04.1, 1:60.5.1+build2-0ubuntu0.18.04.1, 1:60.4.0+build2-0ubuntu0.18.04.1
Ubuntu:20.04:LTSnss0, 2:3.45-1ubuntu2, 2:3.47-1ubuntu2
Ubuntu:16.04:LTSfirefox*, *, *
Ubuntu:Pro:14.04:LTSnss*, 0, 2:3.15.1-1ubuntu1
Ubuntu:16.04:LTSnss2:3.23-0ubuntu0.16.04.1, 2:3.21-1ubuntu4, 2:3.21-1ubuntu3
Ubuntu:18.04:LTSfirefox70.0.1+build1-0ubuntu0.18.04.1, 70.0+build2-0ubuntu0.18.04.1, 69.0.2+build1-0ubuntu0.18.04.1
Ubuntu:16.04:LTSthunderbird1:52.6.0+build1-0ubuntu0.16.04.1, 1:52.4.0+build1-0ubuntu0.16.04.2, 1:52.2.1+build1-0ubuntu0.16.04.1
Ubuntu:20.04:LTSthunderbird1:68.3.0+build2-0ubuntu1, 1:68.2.2+build1-0ubuntu1, 1:68.2.1+build1-0ubuntu1
Ubuntu:18.04:LTSnss*, *, 0

Timeline

  • May 26, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 23, 2021 EPSS Score
  • Oct 24, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 25, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 28, 2022 EPSS Score
  • Jun 29, 2022 EPSS Score
  • Aug 31, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›