CVE-2006-5462

High

Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478

https://exchange.xforce.ibmcloud.com/vulnerabilities/30098

https://bugzilla.mozilla.org/show_bug.cgi?id=356215

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

http://www.vupen.com/english/advisories/2008/0083

http://www.vupen.com/english/advisories/2007/1198

http://www.vupen.com/english/advisories/2007/0293

http://www.vupen.com/english/advisories/2006/4387

http://www.vupen.com/english/advisories/2006/3748

http://www.us-cert.gov/cas/techalerts/TA06-312A.html

http://www.ubuntu.com/usn/usn-382-1

http://www.ubuntu.com/usn/usn-381-1

http://www.novell.com/linux/security/advisories/2006_68_mozilla.html

http://www.mozilla.org/security/announce/2006/mfsa2006-66.html

http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:206

http://www.mandriva.com/security/advisories?name=MDKSA-2006:205

http://www.kb.cert.org/vuls/id/335392

http://www.debian.org/security/2006/dsa-1227

http://www.debian.org/security/2006/dsa-1225

http://www.debian.org/security/2006/dsa-1224

http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1

http://securitytracker.com/id?1017182

http://securitytracker.com/id?1017181

http://securitytracker.com/id?1017180

http://security.gentoo.org/glsa/glsa-200612-08.xml

http://security.gentoo.org/glsa/glsa-200612-07.xml

http://security.gentoo.org/glsa/glsa-200612-06.xml

http://secunia.com/advisories/24711

http://secunia.com/advisories/23883

http://secunia.com/advisories/23297

http://secunia.com/advisories/23287

http://secunia.com/advisories/23263

http://secunia.com/advisories/23235

http://secunia.com/advisories/23202

http://secunia.com/advisories/23197

http://secunia.com/advisories/23013

http://secunia.com/advisories/23009

http://secunia.com/advisories/22980

http://secunia.com/advisories/22965

http://secunia.com/advisories/22929

http://secunia.com/advisories/22817

http://secunia.com/advisories/22815

http://secunia.com/advisories/22770

http://secunia.com/advisories/22763

http://secunia.com/advisories/22737

http://secunia.com/advisories/22727

http://secunia.com/advisories/22722

http://secunia.com/advisories/22066

http://rhn.redhat.com/errata/RHSA-2006-0735.html

http://rhn.redhat.com/errata/RHSA-2006-0734.html

http://rhn.redhat.com/errata/RHSA-2006-0733.html

Details

Source: Mitre, NVD

Published: 2006-11-08

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High