CVE-2017-5462

Published: Jun 11, 2018Modified: Nov 25, 2025

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Affected (6)

Products: Debian: Debian Linux · Mozilla: Firefox, Network Security Services, Thunderbird

1 product

3 products

Network Security Services

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 45.9.0
Mozilla Firefox	Before 53.0
Mozilla Firefox	Version 52.0
Mozilla Network Security Services	Before 3.28.4
Mozilla Thunderbird	Before 52.1.0

Related CWEs

Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References (20)

http://www.securityfocus.com/bid/97940

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038320

Source: security@mozilla.org

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1345089

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201705-04

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2017/dsa-3831

Source: security@mozilla.org

Third Party Advisory

https://www.debian.org/security/2017/dsa-3872

Source: security@mozilla.org

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-10/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-11/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-12/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-13/

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/97940

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038320

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=1345089

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://security.gentoo.org/glsa/201705-04

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2017/dsa-3831

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2017/dsa-3872

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.mozilla.org/security/advisories/mfsa2017-10/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-11/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-12/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-13/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.