Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2006-4340HistorySep 15, 2006 - 6:07 p.m.
CVE-2006-4340
2006-09-1518:07:00
Debian Security Bug Tracker
security-tracker.debian.org
16
6.4 Medium
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.264 Low
EPSS
Percentile
96.7%
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | < 1.5.dfsg+1.5.0.7-1 | firefox_1.5.dfsg+1.5.0.7-1_all.deb |
| Debian | 12 | all | thunderbird | < 1.5.0.7-1 | thunderbird_1.5.0.7-1_all.deb |
| Debian | 11 | all | thunderbird | < 1.5.0.7-1 | thunderbird_1.5.0.7-1_all.deb |
| Debian | 10 | all | thunderbird | < 1.5.0.7-1 | thunderbird_1.5.0.7-1_all.deb |
| Debian | 999 | all | thunderbird | < 1.5.0.7-1 | thunderbird_1.5.0.7-1_all.deb |
Related
ubuntucve
ubuntucve
cve
cve
nessus
nessus
OpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability
2012-01-04 00:00:00
SUSE-SA:2006:055: openssl,mozilla-nss
2007-02-18 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200610-06 (nss)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200610-06 (nss)
2008-09-24 00:00:00
Solaris Update for NSPR 4.1.6 / NSS 3.3.4.8 114049-14
2009-06-03 00:00:00
mozilla
mozilla
RSA Signature Forgery — Mozilla
2006-09-14 00:00:00
RSA Signature Forgery (variant) — Mozilla
2006-11-07 00:00:00
debiancve
debiancve
gentoo
gentoo
Mozilla Network Security Service (NSS): RSA signature forgery
2006-10-17 00:00:00
OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
2006-09-07 00:00:00
Mozilla Thunderbird: Multiple vulnerabilities
2006-12-10 00:00:00
suse
suse
RSA signature evasion in openssl,mozilla-nss
2006-09-22 15:25:59
remote code execution in opera
2006-10-19 13:18:21
remote denial of service in MozillaFirefox,MozillaThunderbird,seamonkey
2006-11-16 19:09:31
veracode
veracode
Spoofable SSL Certificate
2020-04-10 00:13:11
Denial Of Service (DoS)
2020-04-10 00:12:15
cert
cert
The Mozilla Network Security Services library fails to properly verify RSA signatures
2006-11-08 00:00:00
Multiple RSA implementations fail to properly handle signatures
2006-09-11 00:00:00
f5
f5
K6623 : OpenSSL signature vulnerability - CVE-2006-4339
2013-03-26 00:00:00
SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339
2007-05-16 00:00:00
centos
centos
openssl, openssl095a, openssl096 security update
2006-09-11 00:52:04
openssl, openssl096b security update
2006-09-08 09:58:00
firefox security update
2006-11-09 21:11:25
debian
debian
checkpoint_advisories
checkpoint_advisories
Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability
2006-11-13 00:00:00
securityvulns
securityvulns
OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339)
2006-09-05 00:00:00
SIP over TLS: X.509 peer authentication vulnerability in Ingate products
2006-09-15 00:00:00
[OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind)
2006-11-05 00:00:00
slackware
slackware
[slackware-security] openssl
2006-09-14 22:05:20
[slackware-security] bind
2006-11-07 06:26:27
ubuntu
ubuntu
OpenSSL vulnerability
2006-09-05 00:00:00
Thunderbird vulnerabilities
2006-11-21 00:00:00
Firefox vulnerabilities
2006-11-21 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:19.openssl
2006-09-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt4
2006-09-06 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt4
2006-09-06 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt4
2006-09-06 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2006-4339
2006-09-05 00:00:00
jvn
jvn
JVN#51615542: Adobe Reader fails to properly handle signatures
2012-08-30 00:00:00
osv
osv
openssl - cryptographic weakness
2006-09-10 00:00:00
CVE-2018-16150
2018-11-07 20:29:00
mozilla-firefox
2006-12-03 00:00:00
checkpoint_security
checkpoint_security
OpenSSL CVE-2006-4339 8732 vulnerability Fix
2006-10-18 22:00:00
redhat
redhat
(RHSA-2006:0661) openssl security update
2006-09-06 00:00:00
(RHSA-2006:0733) Critical: firefox security update
2006-11-07 00:00:00
(RHSA-2006:0734) Critical: seamonkey security update
2006-11-08 00:00:00
freebsd
freebsd
openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)
2006-09-06 00:00:00
opera -- RSA Signature Forgery
2006-09-18 00:00:00
prion
prion
Code injection
2018-11-07 20:29:00
cisco
cisco
OpenSSL RSA Signature Forgery Vulnerability
2006-09-05 17:39:31
oraclelinux
oraclelinux
Important openssl security update
2006-11-30 00:00:00
6.4 Medium
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
0.264 Low
EPSS
Percentile
96.7%
Related for DEBIANCVE:CVE-2006-4340