CVE-2017-5462

Publication date 20 April 2017

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.3 · Medium

Score breakdown

Description

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Read the notes from the security team

Status

Package Ubuntu Release Status
firefox 17.04 zesty
Fixed 53.0+build6-0ubuntu0.17.04.1
16.10 yakkety
Fixed 53.0+build6-0ubuntu0.16.10.1
16.04 LTS xenial
Fixed 53.0+build6-0ubuntu0.16.04.1
14.04 LTS trusty
Fixed 53.0+build6-0ubuntu0.14.04.1
12.04 LTS precise Ignored
nss 17.04 zesty
Fixed 2:3.28.4-0ubuntu0.17.04.1
16.10 yakkety
Fixed 2:3.28.4-0ubuntu0.16.10.1
16.04 LTS xenial
Fixed 2:3.28.4-0ubuntu0.16.04.1
14.04 LTS trusty
Fixed 2:3.28.4-0ubuntu0.14.04.1
12.04 LTS precise Ignored end of life
thunderbird 17.04 zesty
Fixed 1:52.1.1+build1-0ubuntu0.17.04.1
16.10 yakkety
Fixed 1:52.1.1+build1-0ubuntu0.16.10.1
16.04 LTS xenial
Fixed 1:52.1.1+build1-0ubuntu0.16.04.1
14.04 LTS trusty
Fixed 1:52.1.1+build1-0ubuntu0.14.04.1
12.04 LTS precise Ignored end of life

Notes

leosilva

fixed for nss in precise after version upgrade

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
nss

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.3 · Medium

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-3278-1
    • Thunderbird vulnerabilities
    • 16 May 2017
    • USN-3260-1
    • Firefox vulnerabilities
    • 21 April 2017

Other references

Access our resources on patching vulnerabilities