CVE Published: 08/10/2020 |
CVE Updated: 04/08/2024 |
CVE Year: 2020 Source: mozilla |
Vendor: Mozilla |
Product: Firefox Status : PUBLISHED
CVE-2020-12401 Description
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.