CVE-2017-5462: A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS…

medium5.3CVSS 3.0

AVNACLPRNUINSUCNILAN

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	firefox	< firefox 52.0.1-1 (sid)	firefox 52.0.1-1 (sid)
debian	firefox-esr	< firefox 52.0.1-1 (sid)	firefox 52.0.1-1 (sid)
debian	nss	< firefox 52.0.1-1 (sid)	firefox 52.0.1-1 (sid)
mozilla	firefox	< 45.9.0	45.9.0
mozilla	firefox	< 53.0	53.0
mozilla	firefox	—	—
mozilla	firefox	>= 0 < 53.0.2+build1-0ubuntu0.14.04.2	53.0.2+build1-0ubuntu0.14.04.2
mozilla	firefox	>= 0 < 53.0+build6-0ubuntu0.14.04.1	53.0+build6-0ubuntu0.14.04.1
mozilla	firefox	>= 0 < 53.0.2+build1-0ubuntu0.16.04.2	53.0.2+build1-0ubuntu0.16.04.2
mozilla	firefox	>= 0 < 53.0+build6-0ubuntu0.16.04.1	53.0+build6-0ubuntu0.16.04.1
mozilla	firefox	>= unspecified < 53	53
mozilla	firefox_esr	>= unspecified < 45.9	45.9
mozilla	firefox_esr	>= unspecified < 52.1	52.1
mozilla	network_security_services	< 3.28.4	3.28.4
mozilla	nss	>= 0 < 2:3.26.2-1.1	2:3.26.2-1.1
mozilla	nss	>= 0 < 2:3.26.2-1.1	2:3.26.2-1.1
mozilla	nss	>= 0 < 2:3.26.2-1.1	2:3.26.2-1.1
mozilla	nss	>= 0 < 2:3.26.2-1.1	2:3.26.2-1.1
mozilla	thunderbird	< 52.1.0	52.1.0
mozilla	thunderbird	>= 0 < 1:52.1.1+build1-0ubuntu0.14.04.1	1:52.1.1+build1-0ubuntu0.14.04.1
mozilla	thunderbird	>= 0 < 1:52.1.1+build1-0ubuntu0.16.04.1	1:52.1.1+build1-0ubuntu0.16.04.1
mozilla	thunderbird	>= unspecified < 52.1	52.1

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

osv9.8CRITICAL