CVE-2006-5462

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2006-5462
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html Patch
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html Patch
https://bugzilla.mozilla.org/show_bug.cgi?id=356215 Patch
http://www.us-cert.gov/cas/techalerts/TA06-312A.html Patch US Government Resource
http://www.kb.cert.org/vuls/id/335392 Patch US Government Resource
http://securitytracker.com/id?1017180
http://securitytracker.com/id?1017181
http://securitytracker.com/id?1017182
http://secunia.com/advisories/22722 Patch Vendor Advisory
http://secunia.com/advisories/22770 Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2006-0733.html
http://rhn.redhat.com/errata/RHSA-2006-0734.html
http://rhn.redhat.com/errata/RHSA-2006-0735.html
http://secunia.com/advisories/22727
http://secunia.com/advisories/22737
http://secunia.com/advisories/22763
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
http://www.ubuntu.com/usn/usn-381-1
http://www.ubuntu.com/usn/usn-382-1
http://secunia.com/advisories/22817
http://secunia.com/advisories/22929
http://secunia.com/advisories/22965
http://secunia.com/advisories/22980
http://secunia.com/advisories/23009
http://secunia.com/advisories/23013
http://www.debian.org/security/2006/dsa-1224
http://www.debian.org/security/2006/dsa-1225
http://www.debian.org/security/2006/dsa-1227
http://secunia.com/advisories/23197
http://secunia.com/advisories/23202
http://secunia.com/advisories/23235
http://security.gentoo.org/glsa/glsa-200612-06.xml
http://security.gentoo.org/glsa/glsa-200612-07.xml
http://security.gentoo.org/glsa/glsa-200612-08.xml
http://secunia.com/advisories/23263
http://secunia.com/advisories/23287
http://secunia.com/advisories/23297
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://secunia.com/advisories/23883
http://secunia.com/advisories/22815
http://secunia.com/advisories/24711
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/4387
http://www.vupen.com/english/advisories/2007/0293
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2007/1198
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://www.vupen.com/english/advisories/2008/0083
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
Information

Published : 2006-11-08 13:07

Updated : 2017-10-10 18:31

NVD link : CVE-2006-5462

Mitre link : CVE-2006-5462

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

mozilla

  • firefox
  • network_security_services
  • seamonkey
  • thunderbird