CVE-2017-5462

CWE-6829 documents8 sources

Severity

5.3MEDIUM

EPSS

1.1%

top 22.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird +2 more

Timeline

PublishedJun 11

Latest updateMay 13

Description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages8 packages

▶CVEListV5mozilla/firefoxunspecified — 53

▶NVDmozilla/firefox< 45.9.0+2

▶CVEListV5mozilla/firefox_esrunspecified — 45.9+1

▶Debianfirefox-esr< 45.9.0esr-1+3

▶NVDmozilla/network_security_services< 3.28.4

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-cv99-mqp9-mr8m: A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over↗2022-05-13

▶

OSV

CVE-2017-5462: A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over↗2018-06-11

▶

CVEList

CVE-2017-5462: A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over↗2018-06-11

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2017-05-16

▶

Ubuntu

Firefox vulnerabilities↗2017-04-21

▶

Red Hat

nss: DRBG flaw in NSS↗2017-04-19

▶

Debian

CVE-2017-5462: firefox - A flaw in DRBG number generation within the Network Security Services (NSS) libr...↗2017

▶

💬Community

Bugzilla

CVE-2017-5462 nss: DRBG flaw in NSS↗2017-04-19

▶