CVE-2013-1620 vulnerability in Mozilla and Other Products
Published on February 8, 2013

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2013-1620

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2013-1620 are published in these products:

Mozilla Network Security Services

Canonical Ubuntu Linux

Oracle Glassfish Server

Oracle Iplanet Web Proxy Server

Oracle Traffic Director

Oracle Iplanet Web Server

Oracle Vm Server

Oracle Glassfish Communications Server

Oracle Enterprise Manager Ops Center

Oracle Opensso

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Workstation

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Eus

Exploit Probability

EPSS

0.81%

Percentile

74.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-1620 vulnerability in Mozilla and Other ProductsPublished on February 8, 2013

Products Associated with CVE-2013-1620

Exploit Probability

CVE-2013-1620 vulnerability in Mozilla and Other Products
Published on February 8, 2013