6.5

CVE-2023-5388

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEditionesr Version < 115.9.0
MozillaFirefox SwEdition- Version < 124.0
MozillaThunderbird Version < 115.9.0
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.82% 0.523
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 3.9 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html
https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html
Third Party Advisory
Mailing List
https://www.mozilla.org/security/advisories/mfsa2024-13/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-14/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1780432
Vendor Advisory
Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2024-12/
Vendor Advisory