CVE-2017-5462

MEDIUM

NSS - Memory Corruption

Title source: llm

Description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

References (10)

[Third Party Advisory] https://security.gentoo.org/glsa/201705-04

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-12/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-11/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-10/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97940

[Third Party Advisory] https://www.debian.org/security/2017/dsa-3831

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=1345089

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-13/

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038320

[Third Party Advisory] https://www.debian.org/security/2017/dsa-3872

Scores

CVSS v3 5.3

EPSS 0.0107

EPSS Percentile 77.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-682

Status published

Products (5)

debian/debian_linux 8.0

mozilla/firefox 52.0

mozilla/firefox < 45.9.0

mozilla/network_security_services < 3.28.4

mozilla/thunderbird < 52.1.0

Published Jun 11, 2018

Tracked Since Feb 18, 2026