medium
4.3
CWE
203
EPSS
0.052%
Advisory Published
CVE Published
CVE Published
Updated

CVE-2023-6135

First published: Wed Nov 15 2023(Updated: )

Last updated 24 July 2024

Credit: security@mozilla.org

Affected SoftwareAffected VersionHow to fix
Firefox<121
121
Firefox<121.0
IBM Security Verify Governance - Identity Manager<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager<=ISVG 10.0.2
debian/firefox
137.0.2-1
debian/nss<=2:3.61-1+deb11u3<=2:3.61-1+deb11u4<=2:3.87.1-1+deb12u1
2:3.110-1

Remedy

https://hg.mozilla.org/projects/nss/rev/88262a8e60126b5168d0b96306ed5fd2de4867bb

Remedy

https://hg.mozilla.org/projects/nss/rev/a69c9f36bb8ac1c47cacb6c6ec9f06309de33951

Remedy

https://hg.mozilla.org/projects/nss/rev/e68b42b773657000078d104aaccbe26e71a1e0be

Remedy

https://hg.mozilla.org/projects/nss/rev/39f0db972e9d4803f386585bc4d8858ad6f019b8

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of CVE-2023-6135?

    CVE-2023-6135 is considered high severity due to its potential to allow remote attackers to obtain sensitive information.

  • How do I fix CVE-2023-6135?

    To fix CVE-2023-6135, users should update their Mozilla Firefox and NSS packages to the latest versions that are not affected by this vulnerability.

  • What systems are affected by CVE-2023-6135?

    CVE-2023-6135 affects Mozilla Firefox versions up to 121 and IBM Security Verify Governance components up to ISVG 10.0.2.

  • Who is at risk from CVE-2023-6135?

    Users of the affected versions of Mozilla Firefox and IBM Security Verify Governance are at risk when visiting specially crafted websites.

  • What type of attack does CVE-2023-6135 involve?

    CVE-2023-6135 involves a side-channel attack known as 'Minerva' that could exploit cryptographic vulnerabilities.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203