CVE-2017-5462

5.3 MEDIUM
Published: June 11, 2018 Modified: November 25, 2025
View on NVD

Description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.securityfocus.com/bid/97940
Source: security@mozilla.org
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038320
Source: security@mozilla.org
Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1345089
Source: security@mozilla.org
Issue Tracking
https://security.gentoo.org/glsa/201705-04
Source: security@mozilla.org
Third Party Advisory
https://www.debian.org/security/2017/dsa-3831
Source: security@mozilla.org
Third Party Advisory
https://www.debian.org/security/2017/dsa-3872
Source: security@mozilla.org
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-10/
Source: security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-11/
Source: security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-12/
Source: security@mozilla.org
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-13/
Source: security@mozilla.org
Vendor Advisory
http://www.securityfocus.com/bid/97940
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038320
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1345089
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://security.gentoo.org/glsa/201705-04
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-3831
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2017/dsa-3872
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-10/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-11/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-12/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-13/
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

20 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
EPSS (Exploit Probability)
1.1%
77th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-682

Affected Vendors

mozilla debian

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3