CVE-2017-5462

MEDIUM

NSS - Memory Corruption

Title source: llm

Description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

References (10)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97940

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038320

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=1345089

[Third Party Advisory] https://security.gentoo.org/glsa/201705-04

[Third Party Advisory] https://www.debian.org/security/2017/dsa-3831

[Third Party Advisory] https://www.debian.org/security/2017/dsa-3872

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-10/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-11/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-12/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2017-13/

Scores

CVSS v3 5.3

EPSS 0.0107

EPSS Percentile 77.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-682

Status published

Affected Products (5)

debian/debian_linux

mozilla/firefox < 45.9.0

mozilla/firefox

mozilla/network_security_services < 3.28.4

mozilla/thunderbird < 52.1.0

Timeline

Published Jun 11, 2018

Tracked Since Feb 18, 2026