Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-12399 (GCVE-0-2020-12399)
Vulnerability from cvelistv5 – Published: 2020-07-09 14:52 – Updated: 2024-08-04 11:56
VLAI?
EPSS
Summary
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Severity ?
No CVSS data available.
CWE
- Timing attack on DSA signatures in NSS library
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_MISC |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4726 | vendor-advisoryx_refsource_DEBIAN |
| https://usn.ubuntu.com/4421-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://security.gentoo.org/glsa/202007-49 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Affected:
unspecified , < 68.9.0
(custom)
|
|
| Mozilla | Firefox |
Affected:
unspecified , < 77
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 68.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:51.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
},
{
"name": "DSA-4726",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4726"
},
{
"name": "USN-4421-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4421-1/"
},
{
"name": "GLSA-202007-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "68.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "77",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "68.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Timing attack on DSA signatures in NSS library",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-29T21:06:18.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
},
{
"name": "DSA-4726",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4726"
},
{
"name": "USN-4421-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4421-1/"
},
{
"name": "GLSA-202007-49",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2020-12399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68.9.0"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68.9"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Timing attack on DSA signatures in NSS library"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-20/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-21/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-22/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
},
{
"name": "DSA-4726",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4726"
},
{
"name": "USN-4421-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4421-1/"
},
{
"name": "GLSA-202007-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2020-12399",
"datePublished": "2020-07-09T14:52:16.000Z",
"dateReserved": "2020-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:56:51.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-12399",
"date": "2026-05-24",
"epss": "0.00097",
"percentile": "0.26504"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"77.0\", \"matchCriteriaId\": \"953DA746-3B0F-4926-B859-CA94CD65E4F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.9.0\", \"matchCriteriaId\": \"7113E7DB-1A88-4F93-AC2E-26DD06078EE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"68.9.0\", \"matchCriteriaId\": \"A5275EC9-3455-4BAE-A71E-13205D5123E6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.\"}, {\"lang\": \"es\", \"value\": \"NSS ha mostrado diferencias de sincronizaci\\u00f3n cuando se llevan a cabo firmas DSA, que fue explotable y eventualmente podr\\u00eda filtrar claves privadas. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9\"}]",
"id": "CVE-2020-12399",
"lastModified": "2024-11-21T04:59:38.543",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:H/Au:N/C:P/I:N/A:N\", \"baseScore\": 1.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 1.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-07-09T15:15:10.757",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1631576\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html\", \"source\": \"security@mozilla.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202007-49\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4421-1/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4726\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-20/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-21/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-22/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1631576\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202007-49\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4421-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4726\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-20/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-21/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-22/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-203\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-12399\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2020-07-09T15:15:10.757\",\"lastModified\":\"2024-11-21T04:59:38.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.\"},{\"lang\":\"es\",\"value\":\"NSS ha mostrado diferencias de sincronizaci\u00f3n cuando se llevan a cabo firmas DSA, que fue explotable y eventualmente podr\u00eda filtrar claves privadas. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":1.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-203\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"77.0\",\"matchCriteriaId\":\"953DA746-3B0F-4926-B859-CA94CD65E4F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.9.0\",\"matchCriteriaId\":\"7113E7DB-1A88-4F93-AC2E-26DD06078EE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"68.9.0\",\"matchCriteriaId\":\"A5275EC9-3455-4BAE-A71E-13205D5123E6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1631576\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202007-49\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4421-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4726\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-20/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-21/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-22/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1631576\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202007-49\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4421-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4726\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-20/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-21/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-22/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2020-AVI-336
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 68.9",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 77",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-12411",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12411"
},
{
"name": "CVE-2020-12409",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12409"
},
{
"name": "CVE-2020-12407",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12407"
},
{
"name": "CVE-2020-12406",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12406"
},
{
"name": "CVE-2020-12405",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12405"
},
{
"name": "CVE-2020-12399",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12399"
},
{
"name": "CVE-2020-12408",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12408"
},
{
"name": "CVE-2020-12410",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12410"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-336",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-21 du 02 juin 2020",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-20 du 02 juin 2020",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/"
}
]
}
CERTFR-2020-AVI-344
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 68.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 68.9",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-12406",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12406"
},
{
"name": "CVE-2020-12405",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12405"
},
{
"name": "CVE-2020-12398",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12398"
},
{
"name": "CVE-2020-12399",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12399"
},
{
"name": "CVE-2020-12410",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12410"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-344",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-22 du 02 juin 2020",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/"
}
]
}
CERTFR-2020-AVI-336
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 68.9",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 77",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-12411",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12411"
},
{
"name": "CVE-2020-12409",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12409"
},
{
"name": "CVE-2020-12407",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12407"
},
{
"name": "CVE-2020-12406",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12406"
},
{
"name": "CVE-2020-12405",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12405"
},
{
"name": "CVE-2020-12399",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12399"
},
{
"name": "CVE-2020-12408",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12408"
},
{
"name": "CVE-2020-12410",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12410"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-336",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Firefox.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-21 du 02 juin 2020",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-20 du 02 juin 2020",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/"
}
]
}
CERTFR-2020-AVI-344
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Mozilla Thunderbird. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 68.9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 68.9",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-12406",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12406"
},
{
"name": "CVE-2020-12405",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12405"
},
{
"name": "CVE-2020-12398",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12398"
},
{
"name": "CVE-2020-12399",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12399"
},
{
"name": "CVE-2020-12410",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12410"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-344",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla\nThunderbird. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution\nde code arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Thunderbird",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2020-22 du 02 juin 2020",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/"
}
]
}
BDU:2021-00099
Vulnerability from fstec - Published: 02.06.2020
VLAI Severity ?
Title
Уязвимость подписи DSA веб-браузеров программного обеспечения Firefox, Firefox-esr и Thunderbird, связанная с раскрытием информации в результате расхождений, позволяющая нарушителю получить доступ к конфиденциальным данным
Description
Уязвимость подписи DSA веб-браузеров Firefox ESR и Firefox и почтового клиента Thunderbird связана с раскрытием информации через несоответствие. Эксплуатация уязвимости может позволить нарушителю получить доступ к конфиденциальным данным
Severity ?
Vendor
Canonical Ltd., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Mozilla Corp., АО «Концерн ВНИИНС», АО «ИВК»
Software Name
Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Firefox, Firefox ESR, Thunderbird, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), Альт 8 СП (запись в едином реестре российских программ №4305)
Software Version
16.04 LTS (Ubuntu), 1.5 «Смоленск» (Astra Linux Special Edition), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 19.10 (Ubuntu), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), до 77 (Firefox), до 68.9 (Firefox ESR), до 68.9.0 (Thunderbird), 1.0 (ОС ОН «Стрелец»), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций производителя:
Для Firefox:
Обновление программного обеспечения до 77.0-1 или более поздней версии
Для Debian:
Обновление программного обеспечения (пакета firefox) до 77.0-1 или более поздней версии
Обновление программного обеспечения (пакета firefox-esr) до 1:68.9.0-1~deb10u1 или более поздней версии
Обновление программного обеспечения (пакета thunderbird) до 1:68.9.0-1~deb10u1 или более поздней версии
Для Firefox-esr:
Обновление программного обеспечения до 68.9.0esr-1~deb9u1 или более поздней версии
Для Thunderbird:
Обновление программного обеспечения до 1:68.9.0-1~deb9u1 или более поздней версии
Для Ubuntu:
https://usn.ubuntu.com/4421-1/
Для Astra Linux:
https://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111
https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для ОС ОН «Стрелец»:
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie
Для ОС ОН «Стрелец»:
Обновление программного обеспечения nss до версии 2:3.26.2-1.1+deb9u5
Обновление программного обеспечения firefox-esr до версии 91.13.0esr+repack-1~deb10u1.osnova1.strelets
Обновление программного обеспечения thunderbird до версии 1:91.13.0+repack-1~deb10u1.osnova1.strelets
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html
https://nvd.nist.gov/vuln/detail/CVE-2020-12399
https://security.gentoo.org/glsa/202007-49
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie
https://usn.ubuntu.com/4421-1/
https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15
https://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111
https://www.debian.org/security/2020/dsa-4726
https://www.mozilla.org/security/advisories/mfsa2020-20/
https://www.mozilla.org/security/advisories/mfsa2020-21/
https://www.mozilla.org/security/advisories/mfsa2020-22/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-203
{
"CVSS 2.0": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Mozilla Corp., \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 19.10 (Ubuntu), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), \u0434\u043e 77 (Firefox), \u0434\u043e 68.9 (Firefox ESR), \u0434\u043e 68.9.0 (Thunderbird), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f Firefox:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 77.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 firefox) \u0434\u043e 77.0-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 firefox-esr) \u0434\u043e 1:68.9.0-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 thunderbird) \u0434\u043e 1:68.9.0-1~deb10u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Firefox-esr:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 68.9.0esr-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Thunderbird:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1:68.9.0-1~deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/4421-1/\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f nss \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2:3.26.2-1.1+deb9u5\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 91.13.0esr+repack-1~deb10u1.osnova1.strelets\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f thunderbird \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:91.13.0+repack-1~deb10u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.01.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-00099",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-12399",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Firefox, Firefox ESR, Thunderbird, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS 32-bit, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb 64-bit (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 19.10 , Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 20.10 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u043f\u0438\u0441\u0438 DSA \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Firefox, Firefox-esr \u0438 Thunderbird, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0439 (CWE-203)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434\u043f\u0438\u0441\u0438 DSA \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Firefox ESR \u0438 Firefox \u0438 \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430 Thunderbird \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12399\nhttps://security.gentoo.org/glsa/202007-49\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\nhttps://usn.ubuntu.com/4421-1/\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=117998111\nhttps://www.debian.org/security/2020/dsa-4726\nhttps://www.mozilla.org/security/advisories/mfsa2020-20/\nhttps://www.mozilla.org/security/advisories/mfsa2020-21/\nhttps://www.mozilla.org/security/advisories/mfsa2020-22/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-203",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,2)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,7)"
}
CNVD-2020-39017
Vulnerability from cnvd - Published: 2020-07-15
VLAI Severity ?
Title
Mozilla Network Security Services信息泄露漏洞(CNVD-2020-39017)
Description
Mozilla Network Security Services(NSS)是美国Mozilla基金会的一个函数库(网络安全服务库)。该产品可跨平台提供SSL、S/MIME和其他Internet安全标准支持。
Mozilla NSS 3.52.1之前版本中存在安全漏洞。攻击者可利用该漏洞泄露私钥。
Severity
中
Patch Name
Mozilla Network Security Services信息泄露漏洞(CNVD-2020-39017)的补丁
Patch Description
Mozilla Network Security Services(NSS)是美国Mozilla基金会的一个函数库(网络安全服务库)。该产品可跨平台提供SSL、S/MIME和其他Internet安全标准支持。
Mozilla NSS 3.52.1之前版本中存在安全漏洞。攻击者可利用该漏洞泄露私钥。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52.1_release_notes
Reference
https://vigilance.fr/vulnerability/Mozilla-NSS-vulnerability-via-DSA-32310
Impacted products
| Name | Mozilla Thunderbird <68.9.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-12399"
}
},
"description": "Mozilla Network Security Services\uff08NSS\uff09\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u51fd\u6570\u5e93\uff08\u7f51\u7edc\u5b89\u5168\u670d\u52a1\u5e93\uff09\u3002\u8be5\u4ea7\u54c1\u53ef\u8de8\u5e73\u53f0\u63d0\u4f9bSSL\u3001S/MIME\u548c\u5176\u4ed6Internet\u5b89\u5168\u6807\u51c6\u652f\u6301\u3002\n\nMozilla NSS 3.52.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u79c1\u94a5\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.52.1_release_notes",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-39017",
"openTime": "2020-07-15",
"patchDescription": "Mozilla Network Security Services\uff08NSS\uff09\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u51fd\u6570\u5e93\uff08\u7f51\u7edc\u5b89\u5168\u670d\u52a1\u5e93\uff09\u3002\u8be5\u4ea7\u54c1\u53ef\u8de8\u5e73\u53f0\u63d0\u4f9bSSL\u3001S/MIME\u548c\u5176\u4ed6Internet\u5b89\u5168\u6807\u51c6\u652f\u6301\u3002\r\n\r\nMozilla NSS 3.52.1\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u79c1\u94a5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Mozilla Network Security Services\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-39017\uff09\u7684\u8865\u4e01",
"products": {
"product": "Mozilla Thunderbird \u003c68.9.0"
},
"referenceLink": "https://vigilance.fr/vulnerability/Mozilla-NSS-vulnerability-via-DSA-32310",
"serverity": "\u4e2d",
"submitTime": "2020-05-21",
"title": "Mozilla Network Security Services\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-39017\uff09"
}
FKIE_CVE-2020-12399
Vulnerability from fkie_nvd - Published: 2020-07-09 15:15 - Updated: 2024-11-21 04:59
Severity ?
Summary
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_esr | * | |
| mozilla | thunderbird | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "953DA746-3B0F-4926-B859-CA94CD65E4F2",
"versionEndExcluding": "77.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7113E7DB-1A88-4F93-AC2E-26DD06078EE4",
"versionEndExcluding": "68.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5275EC9-3455-4BAE-A71E-13205D5123E6",
"versionEndExcluding": "68.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
},
{
"lang": "es",
"value": "NSS ha mostrado diferencias de sincronizaci\u00f3n cuando se llevan a cabo firmas DSA, que fue explotable y eventualmente podr\u00eda filtrar claves privadas. Esta vulnerabilidad afecta a Thunderbird versiones anteriores a 68.9.0, Firefox versiones anteriores a 77 y Firefox ESR versiones anteriores a 68.9"
}
],
"id": "CVE-2020-12399",
"lastModified": "2024-11-21T04:59:38.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-09T15:15:10.757",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
},
{
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4421-1/"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4726"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4421-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-FQ62-4J88-QQ7X
Vulnerability from github – Published: 2022-05-24 17:22 – Updated: 2022-05-24 17:22
VLAI?
Details
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
{
"affected": [],
"aliases": [
"CVE-2020-12399"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-07-09T15:15:00Z",
"severity": "MODERATE"
},
"details": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"id": "GHSA-fq62-4j88-qq7x",
"modified": "2022-05-24T17:22:37Z",
"published": "2022-05-24T17:22:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12399"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4421-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4726"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2020-12399
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-12399",
"description": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"id": "GSD-2020-12399",
"references": [
"https://www.suse.com/security/cve/CVE-2020-12399.html",
"https://www.debian.org/security/2020/dsa-4726",
"https://www.debian.org/security/2020/dsa-4702",
"https://www.debian.org/security/2020/dsa-4695",
"https://access.redhat.com/errata/RHSA-2020:3280",
"https://ubuntu.com/security/CVE-2020-12399",
"https://security.archlinux.org/CVE-2020-12399"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-12399"
],
"details": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"id": "GSD-2020-12399",
"modified": "2023-12-13T01:21:49.566600Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2020-12399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68.9.0"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68.9"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Timing attack on DSA signatures in NSS library"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-20/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-21/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-22/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
},
{
"name": "DSA-4726",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4726"
},
{
"name": "USN-4421-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4421-1/"
},
{
"name": "GLSA-202007-49",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
}
},
"mozilla.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2020-12399"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "77"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "68.9.0"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Firefox ESR \u003c 68.9, Firefox \u003c 77, and Thunderbird \u003c 68.9.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Timing attack on DSA signatures in NSS library"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "77.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "68.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "68.9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2020-12399"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-20/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-20/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-21/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-21/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2020-22/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2020-22/"
},
{
"name": "DSA-4726",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4726"
},
{
"name": "USN-4421-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4421-1/"
},
{
"name": "GLSA-202007-49",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-49"
},
{
"name": "[debian-lts-announce] 20200929 [SECURITY] [DLA 2388-1] nss security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-04T16:38Z",
"publishedDate": "2020-07-09T15:15Z"
}
}
}
OPENSUSE-SU-2020:0854-1
Vulnerability from csaf_opensuse - Published: 2020-06-24 04:17 - Updated: 2020-06-24 04:17Summary
Security update for mozilla-nspr, mozilla-nss
Severity
Important
Notes
Title of the patch: Security update for mozilla-nspr, mozilla-nss
Description of the patch: This update for mozilla-nspr, mozilla-nss fixes the following issues:
mozilla-nss was updated to version 3.53
- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).
- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).
Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes
mozilla-nspr to version 4.25
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2020-854
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.8 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mozilla-nspr, mozilla-nss",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mozilla-nspr, mozilla-nss fixes the following issues:\n\nmozilla-nss was updated to version 3.53\n\n- CVE-2020-12399: Fixed a timing attack on DSA signature generation (bsc#1171978).\n- CVE-2019-17006: Added length checks for cryptographic primitives (bsc#1159819).\nRelease notes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53_release_notes\n\nmozilla-nspr to version 4.25\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-854",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0854-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0854-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HXBTGBKRMQSNENPDBPRN6BJXXF2PQMP4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0854-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HXBTGBKRMQSNENPDBPRN6BJXXF2PQMP4/"
},
{
"category": "self",
"summary": "SUSE Bug 1159819",
"url": "https://bugzilla.suse.com/1159819"
},
{
"category": "self",
"summary": "SUSE Bug 1169746",
"url": "https://bugzilla.suse.com/1169746"
},
{
"category": "self",
"summary": "SUSE Bug 1171978",
"url": "https://bugzilla.suse.com/1171978"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17006 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12399 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12399/"
}
],
"title": "Security update for mozilla-nspr, mozilla-nss",
"tracking": {
"current_release_date": "2020-06-24T04:17:54Z",
"generator": {
"date": "2020-06-24T04:17:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0854-1",
"initial_release_date": "2020-06-24T04:17:54Z",
"revision_history": [
{
"date": "2020-06-24T04:17:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libfreebl3-3.53-lp151.2.23.1.i586",
"product": {
"name": "libfreebl3-3.53-lp151.2.23.1.i586",
"product_id": "libfreebl3-3.53-lp151.2.23.1.i586"
}
},
{
"category": "product_version",
"name": "libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"product": {
"name": "libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"product_id": "libfreebl3-hmac-3.53-lp151.2.23.1.i586"
}
},
{
"category": "product_version",
"name": "libsoftokn3-3.53-lp151.2.23.1.i586",
"product": {
"name": "libsoftokn3-3.53-lp151.2.23.1.i586",
"product_id": "libsoftokn3-3.53-lp151.2.23.1.i586"
}
},
{
"category": "product_version",
"name": "libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"product": {
"name": "libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"product_id": "libsoftokn3-hmac-3.53-lp151.2.23.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-4.25-lp151.2.9.1.i586",
"product": {
"name": "mozilla-nspr-4.25-lp151.2.9.1.i586",
"product_id": "mozilla-nspr-4.25-lp151.2.9.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"product": {
"name": "mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"product_id": "mozilla-nspr-devel-4.25-lp151.2.9.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.53-lp151.2.23.1.i586",
"product": {
"name": "mozilla-nss-3.53-lp151.2.23.1.i586",
"product_id": "mozilla-nss-3.53-lp151.2.23.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"product": {
"name": "mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"product_id": "mozilla-nss-certs-3.53-lp151.2.23.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"product": {
"name": "mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"product_id": "mozilla-nss-devel-3.53-lp151.2.23.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"product": {
"name": "mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"product_id": "mozilla-nss-sysinit-3.53-lp151.2.23.1.i586"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"product": {
"name": "mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"product_id": "mozilla-nss-tools-3.53-lp151.2.23.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libfreebl3-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "libfreebl3-3.53-lp151.2.23.1.x86_64",
"product_id": "libfreebl3-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"product_id": "libfreebl3-32bit-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"product_id": "libfreebl3-hmac-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"product_id": "libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "libsoftokn3-3.53-lp151.2.23.1.x86_64",
"product_id": "libsoftokn3-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"product_id": "libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"product_id": "libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"product_id": "libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"product": {
"name": "mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"product_id": "mozilla-nspr-4.25-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"product": {
"name": "mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"product_id": "mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"product": {
"name": "mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"product_id": "mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "mozilla-nss-3.53-lp151.2.23.1.x86_64",
"product_id": "mozilla-nss-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"product_id": "mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"product_id": "mozilla-nss-certs-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"product_id": "mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"product_id": "mozilla-nss-devel-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"product_id": "mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"product_id": "mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozilla-nss-tools-3.53-lp151.2.23.1.x86_64",
"product": {
"name": "mozilla-nss-tools-3.53-lp151.2.23.1.x86_64",
"product_id": "mozilla-nss-tools-3.53-lp151.2.23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586"
},
"product_reference": "libfreebl3-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "libfreebl3-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-32bit-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-hmac-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586"
},
"product_reference": "libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-hmac-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586"
},
"product_reference": "libsoftokn3-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "libsoftokn3-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-hmac-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586"
},
"product_reference": "libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-4.25-lp151.2.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586"
},
"product_reference": "mozilla-nspr-4.25-lp151.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-4.25-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64"
},
"product_reference": "mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64"
},
"product_reference": "mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-devel-4.25-lp151.2.9.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586"
},
"product_reference": "mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64"
},
"product_reference": "mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586"
},
"product_reference": "mozilla-nss-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "mozilla-nss-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586"
},
"product_reference": "mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-devel-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586"
},
"product_reference": "mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-devel-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-sysinit-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586"
},
"product_reference": "mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.53-lp151.2.23.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586"
},
"product_reference": "mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozilla-nss-tools-3.53-lp151.2.23.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64"
},
"product_reference": "mozilla-nss-tools-3.53-lp151.2.23.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-17006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17006"
}
],
"notes": [
{
"category": "general",
"text": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17006",
"url": "https://www.suse.com/security/cve/CVE-2019-17006"
},
{
"category": "external",
"summary": "SUSE Bug 1159819 for CVE-2019-17006",
"url": "https://bugzilla.suse.com/1159819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-24T04:17:54Z",
"details": "moderate"
}
],
"title": "CVE-2019-17006"
},
{
"cve": "CVE-2020-12399",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12399"
}
],
"notes": [
{
"category": "general",
"text": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12399",
"url": "https://www.suse.com/security/cve/CVE-2020-12399"
},
{
"category": "external",
"summary": "SUSE Bug 1171978 for CVE-2020-12399",
"url": "https://bugzilla.suse.com/1171978"
},
{
"category": "external",
"summary": "SUSE Bug 1172402 for CVE-2020-12399",
"url": "https://bugzilla.suse.com/1172402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libfreebl3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libfreebl3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:libsoftokn3-hmac-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:libsoftokn3-hmac-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-32bit-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.i586",
"openSUSE Leap 15.1:mozilla-nspr-devel-4.25-lp151.2.9.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-certs-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-certs-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-devel-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-sysinit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-sysinit-32bit-3.53-lp151.2.23.1.x86_64",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.i586",
"openSUSE Leap 15.1:mozilla-nss-tools-3.53-lp151.2.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-06-24T04:17:54Z",
"details": "moderate"
}
],
"title": "CVE-2020-12399"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…