Lucene search

K

[email protected]NVD:CVE-2023-6135

HistoryDec 19, 2023 - 2:15 p.m.

CVE-2023-6135

2023-12-1914:15:07

CWE-203

[email protected]

web.nvd.nist.gov

nss

nist curves

side-channel attack

minerva

firefox

vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

20.8%

Multiple NSS NIST curves were susceptible to a side-channel attack known as “Minerva”. This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

Affected configurations

NVD

Node

mozillafirefoxRange<121.0

References

bugzilla.mozilla.org/show_bug.cgi?id=1853908

security.gentoo.org/glsa/202401-10

www.mozilla.org/security/advisories/mfsa2023-56/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

20.8%

Related for NVD:CVE-2023-6135

prion1 redhat17 oraclelinux3 nessus24 debiancve1 cve1 alpinelinux1 almalinux2 osv7 amazon1 ubuntucve1 redhatcve1 rocky1 cvelist1 ubuntu4 openvas7 mozilla1 kaspersky1 ibm5 gentoo1 hp1