CVE-2017-5462
First published: Wed Apr 19 2017(Updated: )
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.
Credit: security@mozilla.org security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | <52.1 | 52.1 |
| Mozilla Firefox ESR | <52.1 | 52.1 |
| Mozilla Firefox ESR | <45.9 | 45.9 |
| Mozilla Firefox | <53 | 53 |
| Debian Debian Linux | =8.0 | |
| Mozilla Firefox | <53.0 | |
| Mozilla Firefox ESR | <45.9.0 | |
| Mozilla Firefox ESR | =52.0 | |
| Mozilla Network Security Services | <3.28.4 | |
| Mozilla Thunderbird | <52.1.0 | |
| Mozilla Firefox | =52.0 | |
| debian/firefox | 133.0.3-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.5.0esr-1~deb11u1 128.3.1esr-1~deb12u1 128.5.0esr-1~deb12u1 128.5.0esr-1 128.5.1esr-1 | |
| debian/nss | 2:3.61-1+deb11u3 2:3.61-1+deb11u4 2:3.87.1-1 2:3.87.1-1+deb12u1 2:3.106-1 | |
| =8.0 | ||
| <53.0 | ||
| =52.0 | ||
| <45.9.0 | ||
| <3.28.4 | ||
| <52.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1345089
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/
- https://www.mozilla.org/security/advisories/mfsa2017-10/
- https://www.mozilla.org/security/advisories/mfsa2017-11/
- https://www.mozilla.org/security/advisories/mfsa2017-12/
- https://www.mozilla.org/security/advisories/mfsa2017-13/
- https://www.debian.org/security/2017/dsa-3831
- https://www.debian.org/security/2017/dsa-3872
- https://security.gentoo.org/glsa/201705-04
- http://www.securityfocus.com/bid/97940
- http://www.securitytracker.com/id/1038320
- https://launchpad.net/bugs/cve/CVE-2017-5462
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
- https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
- https://security-tracker.debian.org/tracker/CVE-2017-5462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462
- https://nvd.nist.gov/vuln/detail/CVE-2017-5462
- https://ubuntu.com/security/CVE-2017-5462
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2017-5433
- CVE-2017-5435
- CVE-2017-5436
- CVE-2017-5461
- CVE-2017-5459
- CVE-2017-5466
- CVE-2017-5434
- CVE-2017-5432
- CVE-2017-5460
- CVE-2017-5438
- CVE-2017-5439
- CVE-2017-5440
- CVE-2017-5441
- CVE-2017-5442
- CVE-2017-5464
- CVE-2017-5443
- CVE-2017-5444
- CVE-2017-5446
- CVE-2017-5447
- CVE-2017-5465
- CVE-2016-10196
- CVE-2017-5454
- CVE-2017-5469
- CVE-2017-5445
- CVE-2017-5449
- CVE-2017-5451
- CVE-2017-5462
- CVE-2017-5467
- CVE-2017-5430
- CVE-2017-5429
- CVE-2017-5448
- CVE-2017-5455
- CVE-2017-5456
- CVE-2017-5450
- CVE-2017-5463
- CVE-2017-5452
- CVE-2017-5453
- CVE-2017-5458
- CVE-2017-5468
- collector/mozilla-advisory
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/remedy
- agent/severity
- source/Mozilla
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- collector/security-tracker-debian
- source/Debian
- collector/nvd-api
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/mozilla firefox esr/52.0
- canonical/mozilla network security services
- package-manager/debian
- version/mozilla firefox/52.0