Launchpad.net

CVE 2020-6829

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

Related bugs and status

CVE-2020-6829 (Candidate) is related to these bugs:

Bug #1885562: [fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode

		In	Importance	Status
1885562	[fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode	nss (Ubuntu)	Medium	Fix Released
1885562	[fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode	nss (Ubuntu Bionic)	Medium	Fix Released
1885562	[fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode	nss (Ubuntu Groovy)	Medium	Fix Released
1885562	[fips] freebl_fipsSoftwareIntegrityTest fails in FIPS mode	nss (Ubuntu Focal)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-6829

Related bugs and status

Related bugs

References