CVE-2020-6829
MEDIUMFirefox < 80 - ECDSA Nonce Leak via wNAF Point Multiplication
Title source: llmDescription
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
References (4)
Core 4
Core References
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/02/msg00021.html
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1631583
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-36/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-39/
Scores
CVSS v3
5.3
EPSS
0.0058
EPSS Percentile
69.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (1)
mozilla/firefox
< 80.0 (2 CPE variants)
Published
Oct 28, 2020
Tracked Since
Feb 18, 2026