Published: 09/07/2020 Updated: 04/01/2022

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.8

VMScore: 107

Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

It exists that NSS incorrectly handled the TLS State Machine. A remote attacker could possibly use this issue to cause NSS to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-17023)

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
mozilla firefox esr
mozilla thunderbird
debian debian linux 9.0

Debian Bug report logs - #961752 nss: CVE-2020-12399 Package: src:nss; Maintainer for src:nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 28 May 2020 19:45:01 UTC Severity: important Tags: security, upstream Found ...

Several security issues were fixed in NSS ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

NSS could be made to expose sensitive information over the network ...

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or a timing attack on cryptographic keys For the oldstable distribution (stretch), these problems have been fixed in version 6890esr-1~deb9u1 For the stable distribution (buster), these problems have bee ...

Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service For the stable distribution (buster), these problems have been fixed in version 2:3421-1+deb10u3 We recommend that you upgrade your nss packages For the detailed security status of nss please re ...

Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code For the oldstable distribution (stretch), this problem has been fixed in version 1:6890-1~deb9u1 For the stable distribution (buster), this problem has been ...

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys ...

Mozilla Foundation Security Advisory 2020-20 Security Vulnerabilities fixed in Firefox 77 Announced June 2, 2020 Impact high Products Firefox Fixed in Firefox 77 ...

Mozilla Foundation Security Advisory 2020-22 Security Vulnerabilities fixed in Thunderbird 6890 Announced June 2, 2020 Impact high Products Thunderbird Fixed in Thunderbird 689 ...

Mozilla Foundation Security Advisory 2020-21 Security Vulnerabilities fixed in Firefox ESR 689 Announced June 2, 2020 Impact high Products Firefox ESR Fixed in Firefox ESR 689 ...

Update Firefox: Mozilla just patched three hijack-me holes and a bunch of other flaws

The Register • Shaun Nichols in San Francisco • 04 Jun 2020

Plus: Zoom fixes code-execution security bugs Prepare to have your shonky password hygiene shamed by Firefox 76

Mozilla has emitted security updates for Firefox to address eight CVE-listed security flaws, five of them considered to be high-risk vulnerabilities. The patches, present in Firefox 77, should be downloaded and installed automatically for most users, so if you haven't closed out and relaunched your browser in a while, now might be a good time. Of the five high-risk flaws, three are confirmed to allow arbitrary code execution, which in the case of a web browser means that simply loading up a mali...

CVE-2020-12399

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect