Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hh1a-udhx-kfh4
Vulnerability ID VCID-hh1a-udhx-kfh4
Aliases CVE-2020-12399
Summary NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
System Score Found at
cvssv3 4.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2020-12399
cvssv3.1 4.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-1173
archlinux High https://security.archlinux.org/AVG-1179
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2020-20
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2020-21
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2020-22
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json
https://api.first.org/data/v1/epss?cve=CVE-2020-12399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1826177 https://bugzilla.redhat.com/show_bug.cgi?id=1826177
961752 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752
ASA-202006-1 https://security.archlinux.org/ASA-202006-1
ASA-202006-4 https://security.archlinux.org/ASA-202006-4
AVG-1173 https://security.archlinux.org/AVG-1173
AVG-1179 https://security.archlinux.org/AVG-1179
GLSA-202007-49 https://security.gentoo.org/glsa/202007-49
mfsa2020-20 https://www.mozilla.org/en-US/security/advisories/mfsa2020-20
mfsa2020-21 https://www.mozilla.org/en-US/security/advisories/mfsa2020-21
mfsa2020-22 https://www.mozilla.org/en-US/security/advisories/mfsa2020-22
RHSA-2020:3280 https://access.redhat.com/errata/RHSA-2020:3280
USN-4383-1 https://usn.ubuntu.com/4383-1/
USN-4397-1 https://usn.ubuntu.com/4397-1/
USN-4397-2 https://usn.ubuntu.com/4397-2/
USN-4421-1 https://usn.ubuntu.com/4421-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.25575
EPSS Score 0.0009
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:26:23.491251+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2020/mfsa2020-22.yml 38.6.0