CVE-2017-5462

EPSS 1.07%
Veröffentlicht 11.06.2018 21:29:07
Zuletzt bearbeitet 25.11.2025 17:50:16
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version8.0

Mozilla ≫ Firefox Version < 45.9.0

Mozilla ≫ Firefox Version < 53.0

Mozilla ≫ Firefox Version52.0

Mozilla ≫ Network Security Services Version < 3.28.4

Mozilla ≫ Thunderbird Version < 52.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.771

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

http://www.securitytracker.com/id/1038320

Third Party Advisory

VDB Entry

https://www.mozilla.org/security/advisories/mfsa2017-10/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-11/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-12/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-13/

Vendor Advisory

https://security.gentoo.org/glsa/201705-04