
CVE-2006-4340
Date: (C)2006-09-15   (M)2023-12-22


Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 4.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1016858
SECTRACK-1016859
SECTRACK-1016860
SUNALERT-102648
SUNALERT-102781
20060901-01-P
http://www.securityfocus.com/archive/1/446140/100/0/threaded
SECUNIA-21903
SECUNIA-21906
SECUNIA-21915
SECUNIA-21916
SECUNIA-21939
SECUNIA-21940
SECUNIA-21949
SECUNIA-21950
SECUNIA-22001
SECUNIA-22025
SECUNIA-22036
SECUNIA-22044
SECUNIA-22055
SECUNIA-22056
SECUNIA-22066
SECUNIA-22074
SECUNIA-22088
SECUNIA-22195
SECUNIA-22210
SECUNIA-22226
SECUNIA-22247
SECUNIA-22274
SECUNIA-22299
SECUNIA-22342
SECUNIA-22422
SECUNIA-22446
SECUNIA-22849
SECUNIA-22992
SECUNIA-23883
SECUNIA-24711
ADV-2006-3617
ADV-2006-3622
ADV-2006-3748
ADV-2006-3899
ADV-2007-0293
ADV-2007-1198
ADV-2008-0083
DSA-1191
DSA-1192
DSA-1210
GLSA-200609-19
GLSA-200610-01
GLSA-200610-06
MDKSA-2006:168
MDKSA-2006:169
RHSA-2006:0675
RHSA-2006:0676
RHSA-2006:0677
SSRT061181
SUSE-SA:2006:054
SUSE-SA:2006:055
TA06-312A
USN-350-1
USN-351-1
USN-352-1
USN-354-1
USN-361-1
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
https://issues.rpath.com/browse/RPL-640
mozilla-nss-security-bypass(30098)
oval:org.mitre.oval:def:11007

CPE    4
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:network_security_services
cpe:/a:mozilla:firefox
...
CWE    1
CWE-20

© SecPod Technologies