4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
69.6%
The TLS implementation in Mozilla Network Security Services (NSS) does not
properly consider timing side-channel attacks on a noncompliant MAC check
operation during the processing of malformed CBC padding, which allows
remote attackers to conduct distinguishing attacks and plaintext-recovery
attacks via statistical analysis of timing data for crafted packets, a
related issue to CVE-2013-0169.
openwall.com/lists/oss-security/2013/02/05/24
www.isg.rhul.ac.uk/tls/TLStiming.pdf
bugzilla.mozilla.org/show_bug.cgi?id=822365
developer.mozilla.org/en-US/docs/NSS/NSS_3.14.3_release_notes
launchpad.net/bugs/cve/CVE-2013-1620
nvd.nist.gov/vuln/detail/CVE-2013-1620
security-tracker.debian.org/tracker/CVE-2013-1620
ubuntu.com/security/notices/USN-1763-1
www.cve.org/CVERecord?id=CVE-2013-1620