PT-2017-4011 · Mozilla+3 · Firefox Esr+6

Franziskus Kiefer

Published

2017-03-07

Updated

2024-12-12

CVE-2017-5462

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Network Security Services (NSS) library versions prior to 3.28.4 Firefox ESR versions prior to 52.1 Firefox ESR versions prior to 45.9 Firefox versions prior to 53 Thunderbird versions prior to 52.1

Description A flaw in the DRBG number generation within the Network Security Services (NSS) library affects the internal state V, which does not correctly carry bits over. This issue may allow a remote attacker to impact data integrity. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For Network Security Services (NSS) library versions prior to 3.28.4, update to version 3.28.4 or later. For Firefox ESR versions prior to 52.1, update to version 52.1 or later. For Firefox ESR versions prior to 45.9, update to version 45.9 or later. For Firefox versions prior to 53, update to version 53 or later. For Thunderbird versions prior to 52.1, update to version 52.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-682

Related Identifiers

ALT-PU-2017-1285

ALT-PU-2017-1505

ALT-PU-2017-1506

ALT-PU-2017-1553

ALT-PU-2017-1577

ALT-PU-2018-1854

BDU:2021-00048

CVE-2017-5462

DLA-906-1

DLA-946-1

DSA-3831-1

DSA-3872-1

MGASA-2018-0018

OPENSUSE-SU-2017:1268-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:10601-1

OPENSUSE-SU-2024:14572-1

SUSE-SU-2017:1175-1

SUSE-SU-2017:1248-1

SUSE-SU-2017:1669-1

SUSE-SU-2017:2235-1

USN-3260-1

USN-3260-2

USN-3278-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Network Security Services (Nss) Library

Suse

Thunderbird

Ubuntu

PT-2017-4011 · Mozilla+3 · Firefox Esr+6

CVE-2017-5462

Weakness Enumeration

Related Identifiers

Affected Products

References · 2075