CVE-2017-5462

EPSS 1.07%
Veröffentlicht 11.06.2018 21:29:07
Zuletzt bearbeitet 21.11.2024 03:27:40
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version8.0

Mozilla ≫ Firefox Version < 53.0

Mozilla ≫ Firefox Version52.0

Mozilla ≫ Firefox ESR Version < 45.9.0

Mozilla ≫ Network Security Services Version < 3.28.4

Mozilla ≫ Thunderbird Version < 52.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.768

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-682 Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

http://www.securitytracker.com/id/1038320

Third Party Advisory

VDB Entry

https://www.mozilla.org/security/advisories/mfsa2017-10/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-11/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-12/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2017-13/

Vendor Advisory

https://security.gentoo.org/glsa/201705-04