CVE-2013-1620

Currently unrated

Key Information:

Vendor: Mozilla
Status: Network Security Services
Vendor: CVE Published:; 8 February 2013

Summary

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/57777

vdb-entryx_refsource_BID

http://www.vmware.com/security/advisories/VMSA-2014-0012....

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 8, 2013
Vulnerability Reserved
Feb 5, 2013