vulnerability

Red Hat: CVE-2023-5388: nss: timing attack against RSA decryption (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:C/I:N/A:N)	Oct 12, 2023	Jan 10, 2024	Oct 13, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:N)

Published

Oct 12, 2023

Added

Jan 10, 2024

Modified

Oct 13, 2025

Description

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Solutions

no-fix-redhat-rpm-packageredhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-firefox-debugsourceredhat-upgrade-firefox-x11redhat-upgrade-nsprredhat-upgrade-nspr-debuginforedhat-upgrade-nspr-develredhat-upgrade-nssredhat-upgrade-nss-debuginforedhat-upgrade-nss-debugsourceredhat-upgrade-nss-develredhat-upgrade-nss-softoknredhat-upgrade-nss-softokn-debuginforedhat-upgrade-nss-softokn-develredhat-upgrade-nss-softokn-freeblredhat-upgrade-nss-softokn-freebl-debuginforedhat-upgrade-nss-softokn-freebl-develredhat-upgrade-nss-sysinitredhat-upgrade-nss-sysinit-debuginforedhat-upgrade-nss-toolsredhat-upgrade-nss-tools-debuginforedhat-upgrade-nss-utilredhat-upgrade-nss-util-debuginforedhat-upgrade-nss-util-develredhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today