1. Home
  2. Vulnerabilities
  3. CVE-2017-5462

CVE-2017-5462

CVSS v3.0 5.3 (Medium)
53% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.51 % (77th)
0.51% Progress
Affected Products 5
Advisories 18
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Weaknesses
CWE-682
Incorrect Calculation
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2018-06-11 21:29:07
(6 years ago)
Updated Date
2019-10-03 00:03:26
(5 years ago)

Affected Products

Debian

Mozilla

Configuration #1

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0

Configuration #2

    CPE23 From Up To
  Mozilla Firefox prior 53.0 version cpe:2.3:a:mozilla:firefox < 53.0
  Mozilla Firefox Esr prior 45.9.0 version cpe:2.3:a:mozilla:firefox_esr < 45.9.0
  Mozilla Firefox Esr 52.0 cpe:2.3:a:mozilla:firefox_esr:52.0
  Mozilla Network Security Services prior 3.28.4 version cpe:2.3:a:mozilla:network_security_services < 3.28.4
  Mozilla Thunderbird prior 52.1.0 version cpe:2.3:a:mozilla:thunderbird < 52.1.0