Search for packages
| purl | pkg:deb/ubuntu/nss@2:3.49.1-1ubuntu1.3 |
| Next non-vulnerable version | 2:3.49.1-1ubuntu1.5 |
| Latest non-vulnerable version | 2:3.49.1-1ubuntu1.5 |
| Risk | 4.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2sza-nrr3-aaam
Aliases: CVE-2020-12400 |
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
Affected by 1 other vulnerability. |
|
VCID-985n-34bg-aaaq
Aliases: CVE-2020-12401 |
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
Affected by 1 other vulnerability. |
|
VCID-mfgf-bqs7-aaan
Aliases: CVE-2020-6829 |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
Affected by 1 other vulnerability. |
|
VCID-p8d3-gs41-aaan
Aliases: CVE-2020-12403 |
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|