Vulnerability CVE-2018-12404


Published: 2019-05-02

Description:
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

Type: CWE-310 (Cryptographic Issues)

Vendor: Mozilla
Product: Network security services 
Version:
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9
3.8
3.7.7
3.7.5
3.7.3
3.7.2
3.7.1
3.7
3.6.1
3.6
3.5
3.4.3
3.4.2
3.4.1
3.4
3.39
3.38
3.37.3
3.37.1
3.37
3.36.4
3.36.2
3.36.1
3.36
3.35
3.34.1
3.34
3.33
3.32
3.31.1
3.31
3.30.2
3.30.1
3.30
3.3.2
3.3.1
3.29.5
3.29.3
3.29.2
3.29.1
3.29
3.28.5
3.28.4
3.28.3
3.28.2
3.28.1
3.28.0
3.28
3.27.2
3.27.1
3.27.0
3.27
3.26.2
3.26.0
3.26
3.25.1
3.25.0
3.25
3.24
3.23
3.22.2
3.22.1
3.22
3.21.4
3.21.3
3.21.2
3.21.1
3.21
3.20.1
3.20.0
3.20
3.2.1
3.19.3
3.19.2.0
3.19.2
3.19.1
3.19
3.18.1
3.18
3.17.4
3.17.3
3.17.2
3.17.1
3.17
3.16.6
3.16.5
3.16.4
3.16.3
3.16.2.3
3.16.2.2
3.16.2.1
3.16.2
3.16.1
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

References:
http://www.securityfocus.com/bid/107260
https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404

Related CVE
CVE-2018-5123
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4.
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.3...
CVE-2019-9813
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVE-2019-9809
If the source for resources on a page is through an FTP connection, it is possible to trigger a series of modal alert messages for these resources through invalid credentials or locations. These messages cannot be immediately dismissed, allowing for ...
CVE-2019-9808
If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which s...
CVE-2019-9807
When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content. This could potentially be used for social engineering attacks. This vulnerability affects...
CVE-2019-9806
A vulnerability exists during authorization prompting for FTP transaction where successive modal prompts are displayed and cannot be immediately dismissed. This allows for a denial of service (DOS) attack. This vulnerability affects Firefox < 66.

Copyright 2019, cxsecurity.com
