An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result "POINT_AT_INFINITY" when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret. This vulnerability affects Firefox < 55.
Ocurre un error en el algoritmo de suma de puntos de curva elíptica que emplea coordenadas mixtas Jacobian-affine que pueden dar como resultado "POINT_AT_INFINITY", aunque no deberían. Un atacante Man-in-the-Middle (MitM) podría aprovecharlo para interferir con una conexión, lo que resulta en que la parte atacada calcula un secreto compartido de forma incorrecta. La vulnerabilidad afecta a Firefox en versiones anteriores a la 55.
USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a performance regression with WebExtensions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.
