When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 80.0 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | nspr-0:4.25.0-2.el7_9 | * |
| Red Hat Enterprise Linux 7 | RedHat | nss-0:3.53.1-3.el7_9 | * |
| Red Hat Enterprise Linux 7 | RedHat | nss-softokn-0:3.53.1-6.el7_9 | * |
| Red Hat Enterprise Linux 7 | RedHat | nss-util-0:3.53.1-1.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | nss-0:3.53.1-17.el8_3 | * |
| Red Hat OpenShift Do | RedHat | openshiftdo/odo-init-image-rhel7:1.1.3-2 | * |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | focal | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Nss | Ubuntu | bionic | * |
| Nss | Ubuntu | devel | * |
| Nss | Ubuntu | esm-infra-legacy/trusty | * |
| Nss | Ubuntu | esm-infra/bionic | * |
| Nss | Ubuntu | esm-infra/focal | * |
| Nss | Ubuntu | esm-infra/xenial | * |
| Nss | Ubuntu | focal | * |
| Nss | Ubuntu | trusty | * |
| Nss | Ubuntu | trusty/esm | * |
| Nss | Ubuntu | upstream | * |
| Nss | Ubuntu | xenial | * |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1631583
- https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html
- https://www.mozilla.org/security/advisories/mfsa2020-36/
- https://www.mozilla.org/security/advisories/mfsa2020-39/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1631583
- https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html
- https://www.mozilla.org/security/advisories/mfsa2020-36/
- https://www.mozilla.org/security/advisories/mfsa2020-39/