First published: Thu Oct 12 2023(Updated: )
It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens before any padding operations, it affects all padding modes: PKCS#1 v1.5, OAEP, and RSASVP. Both API level calls and TLS server operation are affected. References: <a href="https://people.redhat.com/~hkario/marvin/">https://people.redhat.com/~hkario/marvin/</a>
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <124 | 124 |
Mozilla Firefox ESR | <115.9 | 115.9 |
Mozilla Thunderbird | <115.9 | 115.9 |
redhat/firefox | <115.9 | 115.9 |
redhat/thunderbird | <115.9 | 115.9 |
F5 F5OS-A | =1.7.0 | |
F5 Traffix SDC | =5.2.0=5.1.0 | |
debian/firefox | 133.0.3-1 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1 128.5.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.5.0esr-1~deb12u1 128.5.0esr-1 128.5.1esr-1 | |
debian/nss | <=2:3.61-1+deb11u3<=2:3.61-1+deb11u4<=2:3.87.1-1<=2:3.87.1-1+deb12u1 | 2:3.106-1 |
debian/thunderbird | 1:115.12.0-1~deb11u1 1:128.5.0esr-1~deb11u1 1:115.16.0esr-1~deb12u1 1:128.5.0esr-1~deb12u1 1:128.5.0esr-1 1:128.5.2esr-1 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
(Found alongside the following vulnerabilities)