{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-6829", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2024-08-04T09:11:05.159Z", "dateReserved": "2020-01-10T00:00:00", "datePublished": "2020-10-28T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2023-02-20T00:00:00"}, "descriptions": [{"lang": "en", "value": "When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80."}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"version": "unspecified", "lessThan": "80", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox for Android", "versions": [{"version": "unspecified", "lessThan": "80", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2020-39/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631583"}, {"name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3327-1] nss security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:11:05.159Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2020-39/", "tags": ["x_transferred"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/", "tags": ["x_transferred"]}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631583", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3327-1] nss security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:-:*:*", "matchCriteriaId": "02FEC5B0-7705-414F-B2F7-BB6F82C1C04F", "versionEndExcluding": "80.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", "matchCriteriaId": "78F3BE06-CA45-47C1-B3FD-04DCEDDCCB5A", "versionEndExcluding": "80.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80."}, {"lang": "es", "value": "Cuando se lleva a cabo la multiplicaci\u00f3n de puntos escalares EC, se us\u00f3 el algoritmo de multiplicaci\u00f3n de puntos wNAF;&#xa0;que filtr\u00f3 informaci\u00f3n parcial sobre el nonce usado durante la generaci\u00f3n de firmas.&#xa0;Dado un rastro electromagn\u00e9tico de unas pocas generaciones de firmas, la clave privada podr\u00eda haberse calculado.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 80 y Firefox para Android versiones anteriores a 80"}], "id": "CVE-2020-6829", "lastModified": "2024-11-21T05:36:15.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-28T12:15:12.407", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631583"}, {"source": "security@mozilla.org", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-39/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-39/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Billy Bob Brumley (Network and Information Security Group (NISEC), Cesar Pereida (Network and Information Security Group (NISEC), Nicola Tuveri (Network and Information Security Group (NISEC), and Yuval Yarom (Network and Information Security Group (NISEC) as the original reporters.", "affected_release": [{"advisory": "RHSA-2020:4076", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nspr-0:4.25.0-2.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4076", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-0:3.53.1-3.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4076", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-softokn-0:3.53.1-6.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4076", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "nss-util-0:3.53.1-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2021:0538", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nss-0:3.53.1-17.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-02-16T00:00:00Z"}, {"advisory": "RHSA-2021:0949", "cpe": "cpe:/a:redhat:openshift_do:1.0::el7", "package": "openshiftdo/odo-init-image-rhel7:1.1.3-2", "product_name": "Red Hat OpenShift Do", "release_date": "2021-03-22T00:00:00Z"}], "bugzilla": {"description": "nss: Side channel attack on ECDSA signature generation", "id": "1826187", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826187"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-327", "details": ["When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.", "A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-6829", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "nss", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "nss", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "nss-altfiles", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2020-06-02T12:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-6829\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6829\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"], "statement": "This is a side channel attack which can used to exact pirate keys when ECDSA signatures are being generated. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.", "threat_severity": "Moderate"}