vulnerability

Oracle Linux: CVE-2020-12402: ELSA-2020-3280: nss and nspr security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)

Try Surface Command
Back to search
Severity
1
CVSS
(AV:L/AC:H/Au:N/C:P/I:N/A:N)
Published
Jun 2, 2020
Added
Aug 5, 2020
Modified
Dec 3, 2025

Description

During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.
A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality.

Solutions

oracle-linux-upgrade-nsproracle-linux-upgrade-nspr-develoracle-linux-upgrade-nssoracle-linux-upgrade-nss-develoracle-linux-upgrade-nss-pkcs11-develoracle-linux-upgrade-nss-softoknoracle-linux-upgrade-nss-softokn-develoracle-linux-upgrade-nss-softokn-freebloracle-linux-upgrade-nss-softokn-freebl-develoracle-linux-upgrade-nss-sysinitoracle-linux-upgrade-nss-toolsoracle-linux-upgrade-nss-utiloracle-linux-upgrade-nss-util-devel

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today