A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
[
{
"product": "Network Security Services (NSS)",
"vendor": "Mozilla",
"versions": [
{
"status": "affected",
"version": "All versions prior to NSS 3.41"
}
]
}
]
lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html
www.securityfocus.com/bid/107260
access.redhat.com/errata/RHSA-2019:2237
bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404
cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
lists.debian.org/debian-lts-announce/2020/09/msg00029.html
us-cert.cisa.gov/ics/advisories/icsa-21-040-04
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html