Main Vulnerability Database Vulnerabilities #VU6339

Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2017-5462

Published: April 19, 2017

Vulnerability identifier: #VU6339

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-5462

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox ESR

Detailed vulnerability description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox has been updated with corresponding version of NSS.

How to mitigate CVE-2017-5462

Update to Firefox 53, Firefox ESR 45.9 or Firefox ESR 52.1.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/

Information disclosure in Mozilla Firefox and Firefox ESR - CVE-2017-5462

Detailed vulnerability description

How to mitigate CVE-2017-5462

Sources

Please verify you're human