CVE-2023-5388

2024-03-1912:15:07

Debian Security Bug Tracker

security-tracker.debian.org

timing side-channel attack

private data

firefox

thunderbird

unix

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.0%

JSON

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

OSVersionArchitecturePackageVersionFilename
Debian999allfirefox< 124.0-1firefox_124.0-1_all.deb
Debian12allfirefox-esr< 115.9.0esr-1~deb12u1firefox-esr_115.9.0esr-1~deb12u1_all.deb
Debian11allfirefox-esr< 115.9.0esr-1~deb11u1firefox-esr_115.9.0esr-1~deb11u1_all.deb
Debian10allfirefox-esr< 115.9.1esr-1~deb10u1firefox-esr_115.9.1esr-1~deb10u1_all.deb
Debian999allfirefox-esr< 115.9.0esr-1firefox-esr_115.9.0esr-1_all.deb
Debian13allfirefox-esr< 115.9.0esr-1firefox-esr_115.9.0esr-1_all.deb
Debian12allnss<= 2:3.87.1-1nss_2:3.87.1-1_all.deb
Debian11allnss<= 2:3.61-1+deb11u3nss_2:3.61-1+deb11u3_all.deb
Debian10allnss< 2:3.42.1-1+deb10u8nss_2:3.42.1-1+deb10u8_all.deb
Debian999allnss< 2:3.98-1nss_2:3.98-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	firefox	< 124.0-1	firefox_124.0-1_all.deb
Debian	12	all	firefox-esr	< 115.9.0esr-1~deb12u1	firefox-esr_115.9.0esr-1~deb12u1_all.deb
Debian	11	all	firefox-esr	< 115.9.0esr-1~deb11u1	firefox-esr_115.9.0esr-1~deb11u1_all.deb
Debian	10	all	firefox-esr	< 115.9.1esr-1~deb10u1	firefox-esr_115.9.1esr-1~deb10u1_all.deb
Debian	999	all	firefox-esr	< 115.9.0esr-1	firefox-esr_115.9.0esr-1_all.deb
Debian	13	all	firefox-esr	< 115.9.0esr-1	firefox-esr_115.9.0esr-1_all.deb
Debian	12	all	nss	<= 2:3.87.1-1	nss_2:3.87.1-1_all.deb
Debian	11	all	nss	<= 2:3.61-1+deb11u3	nss_2:3.61-1+deb11u3_all.deb
Debian	10	all	nss	< 2:3.42.1-1+deb10u8	nss_2:3.42.1-1+deb10u8_all.deb
Debian	999	all	nss	< 2:3.98-1	nss_2:3.98-1_all.deb