CVE-2017-5462

EPSS 1.07%
Published 11.06.2018 21:29:07
Last modified 21.11.2024 03:27:40
Source security@mozilla.org
Teams watchlist Login
Open Login

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Affected products Warnungen 0 Metrics 3 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version8.0

Mozilla ≫ Firefox Version < 53.0

Mozilla ≫ Firefox Version52.0

Mozilla ≫ Firefox ESR Version < 45.9.0

Mozilla ≫ Network Security Services Version < 3.28.4

Mozilla ≫ Thunderbird Version < 52.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.07%	0.768

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

http://www.securitytracker.com/id/1038320

Third Party Advisory

VDB Entry

https://www.mozilla.org/security/advisories/mfsa2017-10/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-11/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-12/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-13/

Vendor Advisory

https://security.gentoo.org/glsa/201705-04