{"api_version":"1","generated_at":"2026-04-24T00:08:03+00:00","cve":"CVE-2017-5462","urls":{"html":"https://cve.report/CVE-2017-5462","api":"https://cve.report/api/cve/CVE-2017-5462.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-5462","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-5462"},"summary":{"title":"CVE-2017-5462","description":"A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2018-06-11 21:29:00","updated_at":"2019-10-03 00:03:00"},"problem_types":["CWE-682"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2017-13/","name":"https://www.mozilla.org/security/advisories/mfsa2017-13/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Thunderbird 52.1 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1038320","name":"1038320","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"Mozilla Firefox Multiple Bugs Let Remote Users Bypass Security Restrictions, Spoof URLs, Obtain Potentially Sensitive Information, Deny Service, and Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1345089","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1345089","refsource":"CONFIRM","tags":["Issue Tracking"],"title":"1345089 - (CVE-2017-5462) DRBG addition is broken","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2017-10/","name":"https://www.mozilla.org/security/advisories/mfsa2017-10/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox 53 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201705-04","name":"GLSA-201705-04","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"Mozilla Network Security Service (NSS): Multiple vulnerabilities (GLSA 201705-04) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/97940","name":"97940","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Mozilla Firefox Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.mozilla.org/security/advisories/mfsa2017-11/","name":"https://www.mozilla.org/security/advisories/mfsa2017-11/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox ESR 45.9 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2017/dsa-3872","name":"DSA-3872","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-3872-1 nss","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2017-12/","name":"https://www.mozilla.org/security/advisories/mfsa2017-12/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox ESR 52.1 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2017/dsa-3831","name":"DSA-3831","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-3831-1 firefox-esr","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-5462","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5462","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"52.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"52.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"network_security_services","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"network_security_services","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"5462","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-5462","qid":"690289","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla (5e0a038a-ca30-416d-a2f5-38cbf5e7df33)"},{"cve":"CVE-2017-5462","qid":"710287","title":"Gentoo Linux Mozilla Firefox Multiple Vulnerabilities (GLSA 201802-03)"},{"cve":"CVE-2017-5462","qid":"710397","title":"Gentoo Linux Mozilla Network Security Service (NSS) Multiple Vulnerabilities (GLSA 201705-04)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@mozilla.org","ID":"CVE-2017-5462","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Thunderbird","version":{"version_data":[{"version_affected":"<","version_value":"52.1"}]}},{"product_name":"Firefox ESR","version":{"version_data":[{"version_affected":"<","version_value":"45.9"},{"version_affected":"<","version_value":"52.1"}]}},{"product_name":"Firefox","version":{"version_data":[{"version_affected":"<","version_value":"53"}]}}]},"vendor_name":"Mozilla"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"DRBG flaw in NSS"}]}]},"references":{"reference_data":[{"name":"GLSA-201705-04","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201705-04"},{"name":"https://www.mozilla.org/security/advisories/mfsa2017-12/","refsource":"CONFIRM","url":"https://www.mozilla.org/security/advisories/mfsa2017-12/"},{"name":"https://www.mozilla.org/security/advisories/mfsa2017-11/","refsource":"CONFIRM","url":"https://www.mozilla.org/security/advisories/mfsa2017-11/"},{"name":"https://www.mozilla.org/security/advisories/mfsa2017-10/","refsource":"CONFIRM","url":"https://www.mozilla.org/security/advisories/mfsa2017-10/"},{"name":"97940","refsource":"BID","url":"http://www.securityfocus.com/bid/97940"},{"name":"DSA-3831","refsource":"DEBIAN","url":"https://www.debian.org/security/2017/dsa-3831"},{"name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1345089","refsource":"CONFIRM","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"},{"name":"https://www.mozilla.org/security/advisories/mfsa2017-13/","refsource":"CONFIRM","url":"https://www.mozilla.org/security/advisories/mfsa2017-13/"},{"name":"1038320","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1038320"},{"name":"DSA-3872","refsource":"DEBIAN","url":"https://www.debian.org/security/2017/dsa-3872"}]}},"nvd":{"publishedDate":"2018-06-11 21:29:00","lastModifiedDate":"2019-10-03 00:03:00","problem_types":["CWE-682"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"52.1.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"53.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"45.9.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:52.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","versionEndExcluding":"3.28.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"5462","Ordinal":"101993","Title":"CVE-2017-5462","CVE":"CVE-2017-5462","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"5462","Ordinal":"1","NoteData":"A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"5462","Ordinal":"2","NoteData":"2018-06-11","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"5462","Ordinal":"3","NoteData":"2018-06-12","Type":"Other","Title":"Modified"}]}}}