CVE-2017-5462 — MEDIUM (5.3)

Q: How severe is CVE-2017-5462?

CVE-2017-5462 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-5462?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Mozilla Firefox, Mozilla Network Security Services, Mozilla Thunderbird.

Vulnerability Description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	8.0
Mozilla	Firefox	< 45.9.0
Mozilla	Network Security Services	< 3.28.4
Mozilla	Thunderbird	< 52.1.0

Related Weaknesses (CWE)

CWE-682

References

http://www.securityfocus.com/bid/97940Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038320Third Party AdvisoryVDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1345089Issue Tracking
https://security.gentoo.org/glsa/201705-04Third Party Advisory
https://www.debian.org/security/2017/dsa-3831Third Party Advisory
https://www.debian.org/security/2017/dsa-3872Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-10/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-11/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-12/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-13/Vendor Advisory
http://www.securityfocus.com/bid/97940Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038320Third Party AdvisoryVDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1345089Issue Tracking
https://security.gentoo.org/glsa/201705-04Third Party Advisory
https://www.debian.org/security/2017/dsa-3831Third Party Advisory

FAQ

What is CVE-2017-5462?

CVE-2017-5462 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to...

How severe is CVE-2017-5462?

CVE-2017-5462 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5462?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Mozilla Firefox, Mozilla Network Security Services, Mozilla Thunderbird.