CVE-2023-5388
Published: 23 October 2023
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
Notes
| Author | Note |
|---|---|
| mdeslaur | incomplete fix for CVE-2023-4421 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
focal |
Released
(124.0+build1-0ubuntu0.20.04.1)
|
| jammy |
Not vulnerable
(code not present)
|
|
| mantic |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
|
mozjs102 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Needs triage
|
|
| mantic |
Needs triage
|
|
| upstream |
Needs triage
|
|
|
mozjs38 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mozjs52 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mozjs68 Launchpad, Ubuntu, Debian |
focal |
Needs triage
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mozjs78 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Needs triage
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
mozjs91 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Needs triage
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
nss Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| focal |
Released
(2:3.98-0ubuntu0.20.04.1)
|
|
| jammy |
Released
(2:3.98-0ubuntu0.22.04.1)
|
|
| lunar |
Ignored
(end of life, was deferred [2024-02-19])
|
|
| mantic |
Released
(2:3.98-0ubuntu0.23.10.1)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(3.90.2,3.98)
|
|
| xenial |
Needed
|
|
|
Patches: vendor: https://git.rockylinux.org/staging/rpms/nss/-/commit/1f7f7523b61a2ada2f461548c4160fbbf979c5dd upstream: https://hg.mozilla.org/projects/nss/rev/196716d8377ab427e326f20bff2d026e90ac69e2 upstream: https://hg.mozilla.org/projects/nss/rev/b090a1e5dcdfc5772671063cfe9ebeadabd29ad3 |
||
|
thunderbird Launchpad, Ubuntu, Debian |
focal |
Released
(1:115.9.0+build1-0ubuntu0.20.04.1)
|
| jammy |
Released
(1:115.9.0+build1-0ubuntu0.22.04.1)
|
|
| mantic |
Released
(1:115.9.0+build1-0ubuntu0.23.10.1)
|
|
| upstream |
Needs triage
|
|
References
- https://people.redhat.com/~hkario/marvin/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_98.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_90_2.html
- https://ubuntu.com/security/notices/USN-6703-1
- https://ubuntu.com/security/notices/USN-6717-1
- https://ubuntu.com/security/notices/USN-6727-1
- https://www.cve.org/CVERecord?id=CVE-2023-5388
- NVD
- Launchpad
- Debian