CVE-2006-5462

Severity

64%

Complexity

99%

Confidentiality

81%

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N).

Overview

Type

Mozilla

First reported 18 years ago

2006-11-08 21:07:00

Last updated 7 years ago

2017-10-11 01:31:00

Affected Software

Mozilla Firefox 1.5

1.5

Mozilla Firefox 1.5 Beta 1

1.5

Mozilla Firefox 1.5 Beta 2

1.5

Mozilla Firefox 1.5.0.1

1.5.0.1

Mozilla Firefox 1.5.0.2

1.5.0.2

Mozilla Firefox 1.5.0.3

1.5.0.3

Mozilla Firefox 1.5.0.4

1.5.0.4

Mozilla Firefox 1.5.0.5

1.5.0.5

Mozilla Firefox 1.5.0.6

1.5.0.6

Mozilla Firefox 1.5.0.7

1.5.0.7

Mozilla Network Security Services 3.11.3

3.11.3

Mozilla SeaMonkey 1.0

1.0

Mozilla SeaMonkey 1.0 beta

1.0

Mozilla SeaMonkey 1.0.1

1.0.1

Mozilla SeaMonkey 1.0.2

1.0.2

Mozilla SeaMonkey 1.0.3

1.0.3

Mozilla SeaMonkey 1.0.4

1.0.4

Mozilla SeaMonkey 1.0.5

1.0.5

Mozilla Thunderbird 1.5

1.5

Mozilla Thunderbird 1.5 Beta 2

1.5

Mozilla Thunderbird 1.5.0.2

1.5.0.2

Mozilla Thunderbird 1.5.0.4

1.5.0.4

Mozilla Thunderbird 1.5.0.7

1.5.0.7

References

20061101-01-P

RHSA-2006:0733

RHSA-2006:0734

RHSA-2006:0735

22066

22722

Patch, Vendor Advisory

22727

22737

22763

22770

Patch, Vendor Advisory

22815

22817

22929

22965

22980

23009

23013

23197

23202

23235

23263

23287

23297

23883

24711

GLSA-200612-06

GLSA-200612-07

GLSA-200612-08

1017180

1017181

1017182

102781

http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

DSA-1224

DSA-1225

DSA-1227

VU#335392

Patch, US Government Resource

MDKSA-2006:205

MDKSA-2006:206

http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

Patch

http://www.mozilla.org/security/announce/2006/mfsa2006-66.html

Patch

SUSE-SA:2006:068

USN-381-1

USN-382-1

TA06-312A

Patch, US Government Resource

ADV-2006-3748

ADV-2006-4387

ADV-2007-0293

ADV-2007-1198

ADV-2008-0083

SSRT061181

https://bugzilla.mozilla.org/show_bug.cgi?id=356215

Patch

mozilla-nss-security-bypass(30098)

oval:org.mitre.oval:def:10478

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.