CVE-2020-12401

{"id": "CVE-2020-12401", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2020-10-08T14:15:11.250", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1631573", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html", "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2020-36/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2020-39/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80."}, {"lang": "es", "value": "Durante la generaci\u00f3n de firmas ECDSA, fue removido el relleno aplicado en el nonce dise\u00f1ado para asegurar la multiplicaci\u00f3n escalar de tiempo constante, resultando en una ejecuci\u00f3n de tiempo variable dependiente de datos secretos.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 80 y Firefox para Android versiones anteriores a 80"}], "lastModified": "2023-02-20T17:15:11.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "334D3118-529D-4AAB-82A4-1EC3AA047D3D", "versionEndExcluding": "80.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "78F3BE06-CA45-47C1-B3FD-04DCEDDCCB5A", "versionEndExcluding": "80.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}