Published: 11/06/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
mozilla firefox esr
mozilla thunderbird
mozilla firefox
mozilla network security services
mozilla firefox esr 52.0

Debian Bug report logs - #862958 nss: CVE-2017-5461 CVE-2017-5462 Package: src:nss; Maintainer for src:nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@trackerdebianorg>; Reported by: Raphael Hertzog <hertzog@debianorg> Date: Fri, 19 May 2017 10:48:02 UTC Severity: important Tags: patch, security, ...

Debian Bug report logs - #863839 CVE-2017-7502 Package: nss; Maintainer for nss is Maintainers of Mozilla-related packages <team+pkg-mozilla@trackerdebianorg>; Reported by: Ola Lundqvist <ola@inguzacom> Date: Wed, 31 May 2017 20:03:01 UTC Severity: important Tags: fixed-upstream, patch, security, upstream Found i ...

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service For the stable distribution (jessie), these problems have been fixed in version 4590 ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

USN-3260-1 caused a regression in Firefox ...

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over The NSS library has been updated to fix this issue to address this issue and Firefox ESR 521 has been updated with NSS version 3284 This vulnerability affects Thunderbird < 521, Firefox ESR < ...

Mozilla Foundation Security Advisory 2017-11 Security vulnerabilities fixed in Firefox ESR 459 Announced April 19, 2017 Impact critical Products Firefox ESR Fixed in Firefox ESR 459 ...

Mozilla Foundation Security Advisory 2017-10 Security vulnerabilities fixed in Firefox 53 Announced April 19, 2017 Impact critical Products Firefox Fixed in Firefox 53 ...

Mozilla Foundation Security Advisory 2017-13 Security vulnerabilities fixed in Thunderbird 521 Announced April 30, 2017 Impact critical Products Thunderbird Fixed in Thunderbird 521 ...

Mozilla Foundation Security Advisory 2017-12 Security vulnerabilities fixed in Firefox ESR 521 Announced April 19, 2017 Impact critical Products Firefox ESR Fixed in Firefox ESR 521 ...

CWE-682 https://www.mozilla.org/security/advisories/mfsa2017-13/https://www.mozilla.org/security/advisories/mfsa2017-12/https://www.mozilla.org/security/advisories/mfsa2017-11/https://www.mozilla.org/security/advisories/mfsa2017-10/https://bugzilla.mozilla.org/show_bug.cgi?id=1345089 https://www.debian.org/security/2017/dsa-3872 https://www.debian.org/security/2017/dsa-3831 https://security.gentoo.org/glsa/201705-04 http://www.securitytracker.com/id/1038320 http://www.securityfocus.com/bid/97940 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958 https://usn.ubuntu.com/3260-1/https://www.debian.org/security/./dsa-3831

Get Started

CVE-2017-5462

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect