Unrated severityNVD Advisory· Published Dec 19, 2023· Updated Feb 13, 2025

CVE-2023-6135

Description

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

Affected products

osv-coords14 versions
pkg:rpm/almalinux/nspr pkg:rpm/almalinux/nspr-devel pkg:rpm/almalinux/nss pkg:rpm/almalinux/nss-devel pkg:rpm/almalinux/nss-softokn pkg:rpm/almalinux/nss-softokn-devel pkg:rpm/almalinux/nss-softokn-freebl pkg:rpm/almalinux/nss-softokn-freebl-devel pkg:rpm/almalinux/nss-sysinit pkg:rpm/almalinux/nss-tools pkg:rpm/almalinux/nss-util pkg:rpm/almalinux/nss-util-devel pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 4.35.0-6.el9_3+ 13 more
- (no CPE)range: < 4.35.0-6.el9_3
- (no CPE)range: < 4.35.0-6.el9_3
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 3.90.0-6.el8_9
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 121.0-1.1
Mozilla Corporation/Firefoxv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000