CVE-2006-5462 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5462
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5462

Description: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30098 UBUNTU http://www.ubuntu.com/usn/usn-382-1 http://www.ubuntu.com/usn/usn-381-1 SUSE http://www.novell.com/linux/security/advisories/2006_68_mozilla.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 ST 1017182 1017181 1017180 SGI SAID Secunia Advisory: SA23263 Secunia Advisory: SA23235 Secunia Advisory: SA23202 Secunia Advisory: SA23197 Secunia Advisory: SA23013 Secunia Advisory: SA23009 Secunia Advisory: SA22980 Secunia Advisory: SA22965 Secunia Advisory: SA22929 Secunia Advisory: SA22817 Secunia Advisory: SA22763 Secunia Advisory: SA22737 Secunia Advisory: SA22727 Secunia Advisory: SA22770 Secunia Advisory: SA22722 Secunia Advisory: SA23287 Secunia Advisory: SA23297 Secunia Advisory: SA23883 Secunia Advisory: SA22815 Secunia Advisory: SA24711 Secunia Advisory: SA22066 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0734.html http://rhn.redhat.com/errata/RHSA-2006-0735.html http://rhn.redhat.com/errata/RHSA-2006-0733.html MISC http://www.mozilla.org/security/announce/2006/mfsa2006-60.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:205 http://www.mandriva.com/security/advisories?name=MDKSA-2006:206 HP http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 GENTOO http://security.gentoo.org/glsa/glsa-200612-08.xml http://security.gentoo.org/glsa/glsa-200612-07.xml http://security.gentoo.org/glsa/glsa-200612-06.xml DEBIAN http://www.debian.org/security/2006/dsa-1225 http://www.debian.org/security/2006/dsa-1227 http://www.debian.org/security/2006/dsa-1224 CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-66.html http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm CERT-VN 335392 CERT http://www.us-cert.gov/cas/techalerts/TA06-312A.html

Return to the previous page.