CVSS2: 4 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
AI Score: 6 Medium (Confidence: High)
EPSS: 0.445 Medium (Percentile: 97.4%)

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
secunia.com/advisories/21903
secunia.com/advisories/21906
secunia.com/advisories/21915
secunia.com/advisories/21916
secunia.com/advisories/21939
secunia.com/advisories/21940
secunia.com/advisories/21949
secunia.com/advisories/21950
secunia.com/advisories/22001
secunia.com/advisories/22025
secunia.com/advisories/22036
secunia.com/advisories/22044
secunia.com/advisories/22055
secunia.com/advisories/22056
secunia.com/advisories/22066
secunia.com/advisories/22074
secunia.com/advisories/22088
secunia.com/advisories/22195
secunia.com/advisories/22210
secunia.com/advisories/22226
secunia.com/advisories/22247
secunia.com/advisories/22274
secunia.com/advisories/22299
secunia.com/advisories/22342
secunia.com/advisories/22422
secunia.com/advisories/22446
secunia.com/advisories/22849
secunia.com/advisories/22992
secunia.com/advisories/23883
secunia.com/advisories/24711
security.gentoo.org/glsa/glsa-200609-19.xml
security.gentoo.org/glsa/glsa-200610-01.xml
securitytracker.com/id?1016858
securitytracker.com/id?1016859
securitytracker.com/id?1016860
sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
support.avaya.com/elmodocs2/security/ASA-2006-224.htm
support.avaya.com/elmodocs2/security/ASA-2006-250.htm
www.debian.org/security/2006/dsa-1192
www.debian.org/security/2006/dsa-1210
www.gentoo.org/security/en/glsa/glsa-200610-06.xml
www.imc.org/ietf-openpgp/mail-archive/msg14307.html
www.mandriva.com/security/advisories?name=MDKSA-2006:168
www.mandriva.com/security/advisories?name=MDKSA-2006:169
www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
www.mozilla.org/security/announce/2006/mfsa2006-60.html
www.mozilla.org/security/announce/2006/mfsa2006-66.html
www.novell.com/linux/security/advisories/2006_54_mozilla.html
www.novell.com/linux/security/advisories/2006_55_ssl.html
www.redhat.com/support/errata/RHSA-2006-0675.html
www.redhat.com/support/errata/RHSA-2006-0676.html
www.redhat.com/support/errata/RHSA-2006-0677.html
www.securityfocus.com/archive/1/446140/100/0/threaded
www.ubuntu.com/usn/usn-350-1
www.ubuntu.com/usn/usn-351-1
www.ubuntu.com/usn/usn-352-1
www.ubuntu.com/usn/usn-354-1
www.ubuntu.com/usn/usn-361-1
www.us-cert.gov/cas/techalerts/TA06-312A.html
www.us.debian.org/security/2006/dsa-1191
www.vupen.com/english/advisories/2006/3617
www.vupen.com/english/advisories/2006/3622
www.vupen.com/english/advisories/2006/3748
www.vupen.com/english/advisories/2006/3899
www.vupen.com/english/advisories/2007/0293
www.vupen.com/english/advisories/2007/1198
www.vupen.com/english/advisories/2008/0083
www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
exchange.xforce.ibmcloud.com/vulnerabilities/30098
issues.rpath.com/browse/RPL-640
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007