CVE-2006-4340 Information

Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates; this is a vulnerability similar to CVE-2006-4339. NOTE: on 2006-11-07 Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

References

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://secunia.com/advisories/21903
http://secunia.com/advisories/21906
http://secunia.com/advisories/21915
http://secunia.com/advisories/21916
http://secunia.com/advisories/21939
http://secunia.com/advisories/21940
http://secunia.com/advisories/21949
http://secunia.com/advisories/21950
http://secunia.com/advisories/22001
http://secunia.com/advisories/22025
http://secunia.com/advisories/22036
http://secunia.com/advisories/22044
http://secunia.com/advisories/22055
http://secunia.com/advisories/22056
http://secunia.com/advisories/22066
http://secunia.com/advisories/22074
http://secunia.com/advisories/22088
http://secunia.com/advisories/22195
http://secunia.com/advisories/22210
http://secunia.com/advisories/22226
http://secunia.com/advisories/22247
http://secunia.com/advisories/22274
http://secunia.com/advisories/22299
http://secunia.com/advisories/22342
http://secunia.com/advisories/22422
http://secunia.com/advisories/22446
http://secunia.com/advisories/22849
http://secunia.com/advisories/22992
http://secunia.com/advisories/23883
http://secunia.com/advisories/24711
http://security.gentoo.org/glsa/glsa-200609-19.xml
http://security.gentoo.org/glsa/glsa-200610-01.xml
http://securitytracker.com/id?1016858
http://securitytracker.com/id?1016859
http://securitytracker.com/id?1016860
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.debian.org/security/2006/dsa-1192
http://www.debian.org/security/2006/dsa-1210
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
http://www.redhat.com/support/errata/RHSA-2006-0675.html
http://www.redhat.com/support/errata/RHSA-2006-0676.html
http://www.redhat.com/support/errata/RHSA-2006-0677.html
http://www.securityfocus.com/archive/1/446140/100/0/threaded
http://www.ubuntu.com/usn/usn-350-1
http://www.ubuntu.com/usn/usn-351-1
http://www.ubuntu.com/usn/usn-352-1
http://www.ubuntu.com/usn/usn-354-1
http://www.ubuntu.com/usn/usn-361-1
http://www.us.debian.org/security/2006/dsa-1191
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
http://www.vupen.com/english/advisories/2006/3617
http://www.vupen.com/english/advisories/2006/3622
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2007/0293
http://www.vupen.com/english/advisories/2007/1198
http://www.vupen.com/english/advisories/2008/0083
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
https://issues.rpath.com/browse/RPL-640
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007