CVE-2006-5462

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5462
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://rhn.redhat.com/errata/RHSA-2006-0733.html
http://rhn.redhat.com/errata/RHSA-2006-0734.html
http://rhn.redhat.com/errata/RHSA-2006-0735.html
http://secunia.com/advisories/22066
http://secunia.com/advisories/22722 Patch Vendor Advisory
http://secunia.com/advisories/22727
http://secunia.com/advisories/22737
http://secunia.com/advisories/22763
http://secunia.com/advisories/22770 Patch Vendor Advisory
http://secunia.com/advisories/22815
http://secunia.com/advisories/22817
http://secunia.com/advisories/22929
http://secunia.com/advisories/22965
http://secunia.com/advisories/22980
http://secunia.com/advisories/23009
http://secunia.com/advisories/23013
http://secunia.com/advisories/23197
http://secunia.com/advisories/23202
http://secunia.com/advisories/23235
http://secunia.com/advisories/23263
http://secunia.com/advisories/23287
http://secunia.com/advisories/23297
http://secunia.com/advisories/23883
http://secunia.com/advisories/24711
http://security.gentoo.org/glsa/glsa-200612-06.xml
http://security.gentoo.org/glsa/glsa-200612-07.xml
http://security.gentoo.org/glsa/glsa-200612-08.xml
http://securitytracker.com/id?1017180
http://securitytracker.com/id?1017181
http://securitytracker.com/id?1017182
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
http://www.debian.org/security/2006/dsa-1224
http://www.debian.org/security/2006/dsa-1225
http://www.debian.org/security/2006/dsa-1227
http://www.kb.cert.org/vuls/id/335392 Patch US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html Patch
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html Patch
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
http://www.ubuntu.com/usn/usn-381-1
http://www.ubuntu.com/usn/usn-382-1
http://www.us-cert.gov/cas/techalerts/TA06-312A.html Patch US Government Resource
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/4387
http://www.vupen.com/english/advisories/2007/0293
http://www.vupen.com/english/advisories/2007/1198
http://www.vupen.com/english/advisories/2008/0083
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
https://bugzilla.mozilla.org/show_bug.cgi?id=356215 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-11-08 21:07

Updated : 2023-12-10 10:40

NVD link : CVE-2006-5462

Mitre link : CVE-2006-5462

CVE.ORG link : CVE-2006-5462

JSON object : View

Products Affected

mozilla

  • network_security_services
  • firefox
  • seamonkey
  • thunderbird
CWE
NVD-CWE-Other