CVE-2006-5462 Information

Feb 14, 2021 cve

Description

Mozilla Network Security Service (NSS) library before 3.11.3 as used in Mozilla Firefox before 1.5.0.8 Thunderbird before 1.5.0.8 and SeaMonkey before 1.0.6 when using an RSA key with exponent 3 does not properly handle extra data in a signature which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P http://rhn.redhat.com/errata/RHSA-2006-0733.html http://rhn.redhat.com/errata/RHSA-2006-0734.html http://rhn.redhat.com/errata/RHSA-2006-0735.html http://secunia.com/advisories/22066 http://secunia.com/advisories/22722 http://secunia.com/advisories/22727 http://secunia.com/advisories/22737 http://secunia.com/advisories/22763 http://secunia.com/advisories/22770 http://secunia.com/advisories/22815 http://secunia.com/advisories/22817 http://secunia.com/advisories/22929 http://secunia.com/advisories/22965 http://secunia.com/advisories/22980 http://secunia.com/advisories/23009 http://secunia.com/advisories/23013 http://secunia.com/advisories/23197 http://secunia.com/advisories/23202 http://secunia.com/advisories/23235 http://secunia.com/advisories/23263 http://secunia.com/advisories/23287 http://secunia.com/advisories/23297 http://secunia.com/advisories/23883 http://secunia.com/advisories/24711 http://security.gentoo.org/glsa/glsa-200612-06.xml http://security.gentoo.org/glsa/glsa-200612-07.xml http://security.gentoo.org/glsa/glsa-200612-08.xml http://securitytracker.com/id?1017180 http://securitytracker.com/id?1017181 http://securitytracker.com/id?1017182 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm http://www.debian.org/security/2006/dsa-1224 http://www.debian.org/security/2006/dsa-1225 http://www.debian.org/security/2006/dsa-1227 http://www.kb.cert.org/vuls/id/335392 http://www.mandriva.com/security/advisories?name=MDKSA-2006:205 http://www.mandriva.com/security/advisories?name=MDKSA-2006:206 http://www.mozilla.org/security/announce/2006/mfsa2006-60.html http://www.mozilla.org/security/announce/2006/mfsa2006-66.html http://www.novell.com/linux/security/advisories/2006_68_mozilla.html http://www.ubuntu.com/usn/usn-381-1 http://www.ubuntu.com/usn/usn-382-1 http://www.us-cert.gov/cas/techalerts/TA06-312A.html http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2006/4387 http://www.vupen.com/english/advisories/2007/0293 http://www.vupen.com/english/advisories/2007/1198 http://www.vupen.com/english/advisories/2008/0083 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 https://bugzilla.mozilla.org/show_bug.cgi?id=356215 https://exchange.xforce.ibmcloud.com/vulnerabilities/30098 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10478

Share on: