570 matches found
GLSA-200612-06 : Mozilla Thunderbird: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200612-06 Mozilla Thunderbird: Multiple vulnerabilities It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is...
CVE-2006-5462
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
DEBIAN-CVE-2006-5462
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
CVE-2006-5462
CVE-2006-5462 affects the NSS library used by Mozilla Firefox (pre-3.11.3 NSS) and by Thunderbird/SeaMonkey in versions before the listed patched releases. The issue arises when using an RSA key with exponent 3 and corrupted/extra data in a PKCS#1 signature, enabling forgery of SSL/TLS and email ...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
GLSA-200610-06 : Mozilla Network Security Service (NSS): RSA signature forgery
The remote host is affected by the vulnerability described in GLSA-200610-06 Mozilla Network Security Service NSS: RSA signature forgery Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with the exponent of 3. This affects a number of RSA signature...
GLSA-200609-18 : Opera: RSA signature forgery
The remote host is affected by the vulnerability described in GLSA-200609-18 Opera: RSA signature forgery Opera makes use of OpenSSL, which fails to correctly verify PKCS 1 v1.5 RSA signatures signed by a key with exponent 3. Some CAs in Opera's list of trusted signers are using root certificates...
FreeBSD : opera -- RSA Signature Forgery (1fe734bf-4a06-11db-b48d-00508d6a62df)
Opera reports : A specially crafted digital certificate can bypass Opera's certificate signature verification. Forged certificates can contain any false information the forger chooses, and Opera will still present it as valid. Opera will not present any warning dialogs in this case, and the...
opera -- RSA Signature Forgery
Opera reports: A specially crafted digital certificate can bypass Opera's certificate signature verification. Forged certificates can contain any false information the forger chooses, and Opera will still present it as valid. Opera will not present any warning dialogs in this case, and the securi...
DEBIAN-CVE-2006-4340
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
security flaw
Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...
SIP over TLS: X.509 peer authentication vulnerability in Ingate products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SIP over TLS: X.509 peer authentication vulnerability in Ingate products ======================================================================== Product: Ingate Firewall and Ingate SIParator Versions: all current versions Tracking ID: 2829 Summary...
FreeBSD : mozilla -- multiple vulnerabilities (e6296105-449b-11db-ba89-000c6ec775d9)
The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 - MFSA...
Fixed in Firefox 1.5.0.7
MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-62 Popup-blocker cross-site scripting XSS MFSA 2006-61 Frame spoofing using document.open MFSA 2006-60 RSA Signature Forgery MFSA 2006-59 Concurrency-related vulnerability MFSA 2006-58 Auto-Update compromise through DNS...
[slackware-security] openssl
New openssl packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a signature forgery security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-433...
RSA Signature Forgery — Mozilla
Philip Mackenzie and Marius Schilder of Google informed us of Daniel Bleichenbacher's recent presentation of a common implementation error in RSA signature verification, a failure to account for extra data in the signature. For signatures with a small exponent such as 3 it is possible for an...