CVE-2017-5462

CVE Database · CVE-2017-5462

CVE-2017-5462

· N/AModified

CVSS v3.1

N/A

EPSS

2.64%

Published

Jun 11, 2018

Modified

Nov 25, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Weaknesses (CWE)

CWE-682

Affected Products (6)

debian · debian_linuxvulnerable

mozilla · firefox (up to 45.9.0)vulnerable

mozilla · firefox (up to 53.0)vulnerable

mozilla · firefoxvulnerable

mozilla · network_security_services (up to 3.28.4)vulnerable

mozilla · thunderbird (up to 52.1.0)vulnerable

References (20)

http://www.securityfocus.com/bid/97940

Third Party AdvisoryVDB Entry