CVE-2006-5462 - CVE Reference - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CVE Reference: CVE-2006-5462

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5462

Description: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30098 UBUNTU http://www.ubuntu.com/usn/usn-382-1 http://www.ubuntu.com/usn/usn-381-1 SUSE http://www.novell.com/linux/security/advisories/2006_68_mozilla.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 ST 1017182 1017181 1017180 SGI SAID Secunia Advisory: SA23263 Secunia Advisory: SA23235 Secunia Advisory: SA23202 Secunia Advisory: SA23197 Secunia Advisory: SA23013 Secunia Advisory: SA23009 Secunia Advisory: SA22980 Secunia Advisory: SA22965 Secunia Advisory: SA22929 Secunia Advisory: SA22817 Secunia Advisory: SA22763 Secunia Advisory: SA22737 Secunia Advisory: SA22727 Secunia Advisory: SA22770 Secunia Advisory: SA22722 Secunia Advisory: SA23287 Secunia Advisory: SA23297 Secunia Advisory: SA23883 Secunia Advisory: SA22815 Secunia Advisory: SA24711 Secunia Advisory: SA22066 REDHAT http://rhn.redhat.com/errata/RHSA-2006-0734.html http://rhn.redhat.com/errata/RHSA-2006-0735.html http://rhn.redhat.com/errata/RHSA-2006-0733.html MISC http://www.mozilla.org/security/announce/2006/mfsa2006-60.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:205 http://www.mandriva.com/security/advisories?name=MDKSA-2006:206 HP http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 GENTOO http://security.gentoo.org/glsa/glsa-200612-08.xml http://security.gentoo.org/glsa/glsa-200612-07.xml http://security.gentoo.org/glsa/glsa-200612-06.xml DEBIAN http://www.debian.org/security/2006/dsa-1225 http://www.debian.org/security/2006/dsa-1227 http://www.debian.org/security/2006/dsa-1224 CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-66.html http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm CERT-VN 335392 CERT http://www.us-cert.gov/cas/techalerts/TA06-312A.html

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Microsoft Windows DNS Spoofing Vulnerabilities

2.	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability

3.	Microsoft Windows Explorer Saved Search Vulnerability

4.	Joomla Unauthorized Access Vulnerabilities

5.	Microsoft SQL Server and MSDE Multiple Vulnerabilities

6.	Microsoft Outlook Web Access Script Insertion Vulnerabilities

7.	Mozilla Firefox Multiple Vulnerabilities

8.	Symantec Brightmail AntiSpam Notifier Denial of Service

9.	ArticleBeach Script "page" File Inclusion Vulnerability

10.	PHP-Nuke 4ndvddb Module "id" SQL Injection Vulnerability