During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 80.0 (excluding) |
Red Hat Enterprise Linux 7 | RedHat | nspr-0:4.25.0-2.el7_9 | * |
Red Hat Enterprise Linux 7 | RedHat | nss-0:3.53.1-3.el7_9 | * |
Red Hat Enterprise Linux 7 | RedHat | nss-softokn-0:3.53.1-6.el7_9 | * |
Red Hat Enterprise Linux 7 | RedHat | nss-util-0:3.53.1-1.el7_9 | * |
Red Hat Enterprise Linux 8 | RedHat | nss-0:3.53.1-17.el8_3 | * |
Red Hat OpenShift Do | RedHat | openshiftdo/odo-init-image-rhel7:1.1.3-2 | * |
Firefox | Ubuntu | bionic | * |
Firefox | Ubuntu | devel | * |
Firefox | Ubuntu | focal | * |
Firefox | Ubuntu | trusty | * |
Firefox | Ubuntu | upstream | * |
Firefox | Ubuntu | xenial | * |
Nss | Ubuntu | bionic | * |
Nss | Ubuntu | devel | * |
Nss | Ubuntu | esm-infra-legacy/trusty | * |
Nss | Ubuntu | esm-infra/bionic | * |
Nss | Ubuntu | esm-infra/focal | * |
Nss | Ubuntu | esm-infra/xenial | * |
Nss | Ubuntu | focal | * |
Nss | Ubuntu | trusty | * |
Nss | Ubuntu | trusty/esm | * |
Nss | Ubuntu | upstream | * |
Nss | Ubuntu | xenial | * |