{"id":"CVE-2020-12399","details":"NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird \u003c 68.9.0, Firefox \u003c 77, and Firefox ESR \u003c 68.9.","modified":"2026-03-15T22:32:28.932516Z","published":"2020-07-09T15:15:10.757Z","related":["SUSE-SU-2020:14418-1","SUSE-SU-2020:1677-1","SUSE-SU-2020:1839-1","openSUSE-SU-2020:0854-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:11058-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2020-22/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-49"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4421-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4726"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2020-20/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2020-21/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1631576"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12399.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"77.0"}]},{"events":[{"introduced":"0"},{"fixed":"68.9.0"}]},{"events":[{"introduced":"0"},{"fixed":"68.9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}]}