https://bugzilla.mozilla.org/show_bug.cgi?id=1623116

https://www.mozilla.org/security/advisories/mfsa2020-36/

https://www.mozilla.org/security/advisories/mfsa2020-39/

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - NSS has shown timing differences when performing DSA     signatures, which was exploitable and could eventually     leak private keys. This vulnerability affects     Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR <     68.9.(CVE-2020-12399)

  - When converting coordinates from projective to affine,     the modular inversion was not performed in constant     time, resulting in a possible timing-based side channel     attack. This vulnerability affects Firefox < 80 and     Firefox for Android < 80.(CVE-2020-12400)

  - A flaw was found in the way CHACHA20-POLY1305 was     implemented in NSS. When using multi-part Chacha20, it     could cause out-of-bounds reads. This issue was fixed     by explicitly disabling multi-part ChaCha20 (which was     not functioning correctly) and strictly enforcing tag     length. The highest threat from(CVE-2020-12403)

  - A flaw was found in the way NSS handled CCS     (ChangeCipherSpec) messages in TLS 1.3. This flaw     allows a remote attacker to send multiple CCS messages,     causing a denial of service for servers compiled with     the NSS library. The highest threat from this     vulnerability is to system availability. This flaw     affects NSS versions before 3.58.(CVE-2020-25648)

  - In Network Security Services before 3.44, a malformed     Netscape Certificate Sequence can cause NSS to crash,     resulting in a denial of service.(CVE-2019-17007)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1559 advisory.

  - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger     an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information     disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
    (CVE-2019-11719)

  - A vulnerability exists where it possible to force Network Security Services (NSS) to sign     CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in     CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This     vulnerability affects Firefox < 68. (CVE-2019-11727)

  - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited     to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)

  - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length     checks. In cases where the application calling the library did not perform a sanity check on the inputs it     could result in a crash due to a buffer overflow. (CVE-2019-17006)

  - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting     in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming     Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)

  - When converting coordinates from projective to affine, the modular inversion was not performed in constant     time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80     and Firefox for Android < 80. (CVE-2020-12400)

  - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar     multiplication was removed, resulting in variable-time execution dependent on secret data. This     vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)

  - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean     Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform     electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.
    *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected,     but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)

  - When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which     leaked partial information about the nonce used during signature generation. Given an electro-magnetic     trace of a few signature generations, the private key could have been computed. This vulnerability affects     Firefox < 80 and Firefox for Android < 80. (CVE-2020-6829)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4076 advisory.

  - nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)

  - nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)

  - nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)

  - nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

  - nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023)

  - nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function     (CVE-2020-12400)

  - nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)

  - nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402)

  - nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

  - nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Security Fix(es) :

  - nss: Out-of-bounds read when importing curve25519     private key (CVE-2019-11719)

  - nss: Use-after-free in sftk_FreeSession due to improper     refcounting (CVE-2019-11756)

  - nss: Check length of inputs for cryptographic primitives     (CVE-2019-17006)

  - nss: Side channel attack on ECDSA signature generation     (CVE-2020-6829)

  - nss: P-384 and P-521 implementation uses a side-channel     vulnerable modular inversion function (CVE-2020-12400)

  - nss: ECDSA timing attack mitigation bypass     (CVE-2020-12401)

  - nss: Side channel vulnerabilities during RSA key     generation (CVE-2020-12402)

  - nss: CHACHA20-POLY1305 decryption with undersized tag     leads to out-of-bounds read (CVE-2020-12403)

  - nss: PKCS#1 v1.5 signatures can be used for TLS 1.3     (CVE-2019-11727)

  - nss: TLS 1.3 HelloRetryRequest downgrade request sets     client into invalid state (CVE-2019-17023)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4076 advisory.

  - When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger     an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information     disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
    (CVE-2019-11719)

  - A vulnerability exists where it possible to force Network Security Services (NSS) to sign     CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in     CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This     vulnerability affects Firefox < 68. (CVE-2019-11727)

  - Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited     to a denial of service). This vulnerability affects Firefox < 71. (CVE-2019-11756)

  - After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting     in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming     Application Data records will be ignored. This vulnerability affects Firefox < 72. (CVE-2019-17023)

  - When converting coordinates from projective to affine, the modular inversion was not performed in constant     time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80     and Firefox for Android < 80. (CVE-2020-12400)

  - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar     multiplication was removed, resulting in variable-time execution dependent on secret data. This     vulnerability affects Firefox < 80 and Firefox for Android < 80. (CVE-2020-12401)

  - During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean     Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform     electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes.
    *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected,     but products built on top of it might. This vulnerability affects Firefox < 78. (CVE-2020-12402)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Various vulnerabilities were fixed in nss, the Network Security Service libraries.

CVE-2018-12404

Cache side-channel variant of the Bleichenbacher attack.

CVE-2018-18508

NULL pointer dereference in several CMS functions resulting in a denial of service.

CVE-2019-11719

Out-of-bounds read when importing curve25519 private key.

CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation fault.

CVE-2019-11745

Out-of-bounds write when encrypting with a block cipher.

CVE-2019-17006

Some cryptographic primitives did not check the length of the input text, potentially resulting in overflows.

CVE-2019-17007

Handling of Netscape Certificate Sequences may crash with a NULL dereference leading to a denial of service.

CVE-2020-12399

Force a fixed length for DSA exponentiation.

CVE-2020-6829 CVE-2020-12400

Side channel attack on ECDSA signature generation.

CVE-2020-12401

ECDSA timing attack mitigation bypass.

CVE-2020-12402

Side channel vulnerabilities during RSA key generation.

CVE-2020-12403

CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read.

For Debian 9 stretch, these problems have been fixed in version 2:3.26.2-1.1+deb9u2.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4076 advisory.

  - nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)

  - nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)

  - nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)

  - nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

  - nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023)

  - nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function     (CVE-2020-12400)

  - nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)

  - nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402)

  - nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

  - nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. We apologize for the inconvenience.

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code.
(CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670) It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code.
(CVE-2020-15664, CVE-2020-15665, CVE-2020-15666, CVE-2020-15670) It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829) A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. (CVE-2020-15668).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Firefox installed on the remote Windows host is prior to 80.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-36 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 80.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-36 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Updates the nss package to upstream NSS 3.55.

For details about new functionality and a list of bugs fixed in this release please see the upstream release notes

- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202008-08 (Mozilla Network Security Service (NSS): Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in NSS. Please review the       CVE identifiers referenced below for details.
  Impact :

    An attacker may be able to obtain information about secret key material.
  Workaround :

    There is no known workaround at this time.

It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. (CVE-2020-12400, CVE-2020-12401, CVE-2020-6829).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
143400	EulerOS 2.0 SP9 : nss (EulerOS-SA-2020-2487)	Nessus	Huawei Local Security Checks	medium
143390	EulerOS : nss (EulerOS-SA-2020-2500)	Nessus	Huawei Local Security Checks	medium
142720	Amazon Linux 2 : nspr (ALAS-2020-1559)	Nessus	Amazon Linux Local Security Checks	critical
142600	CentOS 7 : nss and nspr (CESA-2020:4076)	Nessus	CentOS Local Security Checks	critical
141689	Scientific Linux Security Update : nss and nspr on SL7.x x86_64 (20201001)	Nessus	Scientific Linux Local Security Checks	critical
141312	Oracle Linux 7 : nss / and / nspr (ELSA-2020-4076)	Nessus	Oracle Linux Local Security Checks	critical
141062	Debian DLA-2388-1 : nss security update	Nessus	Debian Local Security Checks	critical
141059	RHEL 7 : nss and nspr (RHSA-2020:4076)	Nessus	Red Hat Local Security Checks	critical
140265	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox regressions (USN-4474-2)	Nessus	Ubuntu Local Security Checks	medium
139908	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4474-1)	Nessus	Ubuntu Local Security Checks	medium
139789	Mozilla Firefox < 80.0	Nessus	Windows	high
139788	Mozilla Firefox < 80.0	Nessus	MacOS X Local Security Checks	high
139778	Fedora 31 : nss (2020-426fd04fd0)	Nessus	Fedora Local Security Checks	medium
139718	GLSA-202008-08 : Mozilla Network Security Service (NSS): Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	low
139633	Fedora 32 : nss (2020-481c7e285d)	Nessus	Fedora Local Security Checks	medium
139480	Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : NSS vulnerabilities (USN-4455-1)	Nessus	Ubuntu Local Security Checks	medium

CVE-2020-12400

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins