CVE-2017-5461

NameCVE-2017-5461
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-906-1, DSA-3831-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid53.0.is.52.0.2-1fixed
firefox-esr (PTS)wheezy (security)45.9.0esr-1~deb7u1fixed
jessie45.6.0esr-1~deb8u1vulnerable
jessie (security)45.9.0esr-1~deb8u1fixed
nss (PTS)wheezy2:3.14.5-1+deb7u5vulnerable
wheezy (security)2:3.26-1+debu7u2vulnerable
jessie (security), jessie2:3.26-1+debu8u1vulnerable
stretch, sid2:3.26.2-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)52.0.1-1
firefox-esrsourcejessie45.9.0esr-1~deb8u1DSA-3831-1
firefox-esrsourcewheezy45.9.0esr-1~deb7u1DLA-906-1
nsssource(unstable)(unfixed)
nsssourceexperimental2:3.30.1-1

Notes

https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa

Search for package or bug name: Reporting problems