CVE-2023-5388

MEDIUM

Mozilla Firefox < 115.9.0 - Information Disclosure

Title source: rule

Description

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

References (7)

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html

[Issue Tracking, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1780432

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2024-12/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2024-13/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2024-14/

Scores

CVSS v3 6.5

EPSS 0.0024

EPSS Percentile 47.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-203

Status published

Products (4)

debian/debian_linux 10.0

mozilla/firefox < 115.9.0

mozilla/firefox < 124.0

mozilla/thunderbird < 115.9.0

Published Mar 19, 2024

Tracked Since Feb 18, 2026