CVE-2024-7531

Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:128.0:*:*:*:*:*:*:*

History

12 Aug 2024, 16:10

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1905691 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1905691 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2024-33/ - () https://www.mozilla.org/security/advisories/mfsa2024-33/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-34/ - () https://www.mozilla.org/security/advisories/mfsa2024-34/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2024-35/ - () https://www.mozilla.org/security/advisories/mfsa2024-35/ - Vendor Advisory
Summary
  • (es) Llamar a `PK11_Encrypt()` en NSS usando CKM_CHACHA20 y el mismo búfer para entrada y salida puede generar texto plano en un procesador Intel Sandy Bridge. En Firefox, esto solo afecta la función de protección del encabezado QUIC cuando la conexión utiliza el conjunto de cifrado ChaCha20-Poly1305. El resultado más probable es una falla en la conexión, pero si la conexión persiste a pesar de la gran pérdida de paquetes, un observador de la red podría identificar que los paquetes provienen de la misma fuente a pesar de un cambio en la ruta de la red. Esta vulnerabilidad afecta a Firefox &lt; 129, Firefox ESR &lt; 115.14 y Firefox ESR &lt; 128.1.
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:128.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Mozilla firefox
Mozilla firefox Esr
Mozilla

06 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-06 13:15

Updated : 2024-10-30 21:35


NVD link : CVE-2024-7531

Mitre link : CVE-2024-7531

CVE.ORG link : CVE-2024-7531


JSON object : View

Products Affected

mozilla

  • firefox
  • firefox_esr