CVE-2006-5462
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.445 Medium
EPSS
Percentile
97.4%
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Affected configurations
References
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
rhn.redhat.com/errata/RHSA-2006-0733.html
rhn.redhat.com/errata/RHSA-2006-0734.html
rhn.redhat.com/errata/RHSA-2006-0735.html
secunia.com/advisories/22066
secunia.com/advisories/22722
secunia.com/advisories/22727
secunia.com/advisories/22737
secunia.com/advisories/22763
secunia.com/advisories/22770
secunia.com/advisories/22815
secunia.com/advisories/22817
secunia.com/advisories/22929
secunia.com/advisories/22965
secunia.com/advisories/22980
secunia.com/advisories/23009
secunia.com/advisories/23013
secunia.com/advisories/23197
secunia.com/advisories/23202
secunia.com/advisories/23235
secunia.com/advisories/23263
secunia.com/advisories/23287
secunia.com/advisories/23297
secunia.com/advisories/23883
secunia.com/advisories/24711
security.gentoo.org/glsa/glsa-200612-06.xml
security.gentoo.org/glsa/glsa-200612-07.xml
security.gentoo.org/glsa/glsa-200612-08.xml
securitytracker.com/id?1017180
securitytracker.com/id?1017181
securitytracker.com/id?1017182
sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
support.avaya.com/elmodocs2/security/ASA-2006-246.htm
www.debian.org/security/2006/dsa-1224
www.debian.org/security/2006/dsa-1225
www.debian.org/security/2006/dsa-1227
www.kb.cert.org/vuls/id/335392
www.mandriva.com/security/advisories?name=MDKSA-2006:205
www.mandriva.com/security/advisories?name=MDKSA-2006:206
www.mozilla.org/security/announce/2006/mfsa2006-60.html
www.mozilla.org/security/announce/2006/mfsa2006-66.html
www.novell.com/linux/security/advisories/2006_68_mozilla.html
www.ubuntu.com/usn/usn-381-1
www.ubuntu.com/usn/usn-382-1
www.us-cert.gov/cas/techalerts/TA06-312A.html
www.vupen.com/english/advisories/2006/3748
www.vupen.com/english/advisories/2006/4387
www.vupen.com/english/advisories/2007/0293
www.vupen.com/english/advisories/2007/1198
www.vupen.com/english/advisories/2008/0083
www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
bugzilla.mozilla.org/show_bug.cgi?id=356215
exchange.xforce.ibmcloud.com/vulnerabilities/30098
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
Related
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.445 Medium
EPSS
Percentile
97.4%