CVE-2017-5462 in Debian and Mozilla Products
Published on June 11, 2018

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2017-5462

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2017-5462 are published in these products:

Debian Linux

Mozilla Thunderbird

Mozilla Firefox

Mozilla FireFox Extended Support Release (ESR)

Mozilla Network Security Services

Affected Versions

Mozilla Thunderbird:

Version unspecified and below 52.1 is affected.

Mozilla Firefox ESR:

Version unspecified and below 45.9 is affected.
Version unspecified and below 52.1 is affected.

Mozilla Firefox:

Version unspecified and below 53 is affected.

Exploit Probability

EPSS

1.07%

Percentile

77.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-5462 in Debian and Mozilla ProductsPublished on June 11, 2018

Products Associated with CVE-2017-5462

Affected Versions

Exploit Probability

CVE-2017-5462 in Debian and Mozilla Products
Published on June 11, 2018