Secunia - Stay Secure
Gartner
Home Corporate Website Jobs Mailing Lists RSS Blog Advertise
Software Inspectors
  Scan Online
  Personal (PSI)
  Network (NSI 2.0)

Solutions For
  Security Professionals
  Security Vendors

Free Solutions For
  Open Communities
  Journalists & Media

Secunia Advisories
  Search
  Historic Advisories
  Listed By Product
  Listed By Vendor
  Statistics / Graphs
  Secunia Research
  Report Vulnerability
  About Advisories

Virus Information
  Chronological List
  Last 10 Virus Alerts
  About Virus Information

Secunia Customers
  Customer Area


CVE Reference: CVE-2006-4340

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-4340

Description:
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/30098

UBUNTU
  http://www.ubuntu.com/usn/usn-361-1
  http://www.ubuntu.com/usn/usn-351-1
  http://www.ubuntu.com/usn/usn-352-1
  http://www.ubuntu.com/usn/usn-354-1
  http://www.ubuntu.com/usn/usn-350-1

SUSE
  http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
  http://www.novell.com/linux/security/advisories/2006_55_ssl.html

SUNALERT
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
  http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

ST
  1016860
  1016859
  1016858

SGI

SAID
  Secunia Advisory: SA23883
  Secunia Advisory: SA22992
  Secunia Advisory: SA22195
  Secunia Advisory: SA22056
  Secunia Advisory: SA22849
  Secunia Advisory: SA22446
  Secunia Advisory: SA22422
  Secunia Advisory: SA22342
  Secunia Advisory: SA22299
  Secunia Advisory: SA22274
  Secunia Advisory: SA22247
  Secunia Advisory: SA22226
  Secunia Advisory: SA22210
  Secunia Advisory: SA22088
  Secunia Advisory: SA22074
  Secunia Advisory: SA22055
  Secunia Advisory: SA22025
  Secunia Advisory: SA22001
  Secunia Advisory: SA22036
  Secunia Advisory: SA21950
  Secunia Advisory: SA21940
  Secunia Advisory: SA21939
  Secunia Advisory: SA21916
  Secunia Advisory: SA21915
  Secunia Advisory: SA21903
  Secunia Advisory: SA21949
  Secunia Advisory: SA21906
  Secunia Advisory: SA22044
  Secunia Advisory: SA24711
  Secunia Advisory: SA22066

REDHAT
  http://www.redhat.com/support/errata/RHSA-2006-0675.html
  http://www.redhat.com/support/errata/RHSA-2006-0676.html
  http://www.redhat.com/support/errata/RHSA-2006-0677.html

MLIST
  http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

MISC
  http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
  http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:168

HP
  http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

GENTOO
  http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
  http://security.gentoo.org/glsa/glsa-200610-01.xml
  http://security.gentoo.org/glsa/glsa-200609-19.xml

DEBIAN
  http://www.debian.org/security/2006/dsa-1210
  http://www.debian.org/security/2006/dsa-1192
  http://www.us.debian.org/security/2006/dsa-1191

CONFIRM
  http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
  http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
  http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

CERT
  http://www.us-cert.gov/cas/techalerts/TA06-312A.html

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/446140/100/0/threaded


Return to the previous page.





Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Do you think it's important to read Setup/User Guides for applications for use within your network?


See Results   


Most Popular Advisories

1.
Blender Multiple Temporary File Security Issues
2.
Drupal Site Documentation Module Information Disclosure
3.
Symantec Altiris Deployment Solution Multiple Vulnerabilities
4.
Kostenloses Linkmanagements cript Multiple Vulnerabilities
5.
68 Classifieds "cat" SQL Injection Vulnerability
6.
Pet Grooming Management System "useradded.php" Security Bypass
7.
W1L3D4 Philboard Multiple SQL Injection Vulnerabilities
8.
Interspire ActiveKB Admin Interface Cookie Security Bypass
9.
Feedback and Rating Script "listingid" SQL Injection
10.
e107 BLOG Engine Plugin "rid" SQL Injection





Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia