PT-2017-4011 · Mozilla+3 · Firefox Esr+6

Franziskus Kiefer

+1

·

Publicado

2017-03-07

·

Atualizado

2024-12-12

·

CVE-2017-5462

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Network Security Services (NSS) library versions prior to 3.28.4 Firefox ESR versions prior to 52.1 Firefox ESR versions prior to 45.9 Firefox versions prior to 53 Thunderbird versions prior to 52.1
Description A flaw in the DRBG number generation within the Network Security Services (NSS) library affects the internal state V, which does not correctly carry bits over. This issue may allow a remote attacker to impact data integrity. The estimated number of potentially affected devices worldwide is not specified.
Recommendations For Network Security Services (NSS) library versions prior to 3.28.4, update to version 3.28.4 or later. For Firefox ESR versions prior to 52.1, update to version 52.1 or later. For Firefox ESR versions prior to 45.9, update to version 45.9 or later. For Firefox versions prior to 53, update to version 53 or later. For Thunderbird versions prior to 52.1, update to version 52.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-682

Identificadores relacionados

ALT-PU-2017-1285
ALT-PU-2017-1505
ALT-PU-2017-1506
ALT-PU-2017-1553
ALT-PU-2017-1577
ALT-PU-2018-1854
BDU:2021-00048
CVE-2017-5462
DLA-906-1
DLA-946-1
DSA-3831-1
DSA-3872-1
MGASA-2018-0018
OPENSUSE-SU-2017:1268-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2017:1175-1
SUSE-SU-2017:1248-1
SUSE-SU-2017:1669-1
SUSE-SU-2017:2235-1
USN-3260-1
USN-3260-2
USN-3278-1

Produtos afetados

Alt Linux
Firefox
Firefox Esr
Network Security Services (Nss) Library
Suse
Thunderbird
Ubuntu