Published: 15/09/2006 Updated: 07/11/2023

CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9

VMScore: 356

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Subscribe to Seamonkey

Mozilla Network Security Service (NSS) library prior to 3.11.3, as used in Mozilla Firefox prior to 1.5.0.7, Thunderbird prior to 1.5.0.7, and SeaMonkey prior to 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote malicious users to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla seamonkey
mozilla network security services
mozilla firefox
mozilla thunderbird

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of serv ...

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of ...

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569 CVE-2006-4571) ...

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571) ...

This update upgrades Thunderbird from 108 to 1507 This step was necessary since the 10x series is not supported by upstream any more ...

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571) ...

Mozilla Foundation Security Advisory 2006-60 RSA Signature Forgery Announced September 14, 2006 Reporter Philip Mackenzie, Marius Schilder Impact Critical Products Firefox, NSS, SeaMonkey, Thunderbird Fixed in ...

CWE-20 http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/http://www.redhat.com/support/errata/RHSA-2006-0676.html http://www.redhat.com/support/errata/RHSA-2006-0677.html http://secunia.com/advisories/21906 http://secunia.com/advisories/21949 http://www.redhat.com/support/errata/RHSA-2006-0675.html http://securitytracker.com/id?1016858 http://securitytracker.com/id?1016859 http://securitytracker.com/id?1016860 http://secunia.com/advisories/21903 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21950 ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://www.ubuntu.com/usn/usn-350-1 http://secunia.com/advisories/22036 http://secunia.com/advisories/22001 http://security.gentoo.org/glsa/glsa-200609-19.xml http://www.novell.com/linux/security/advisories/2006_54_mozilla.html http://www.novell.com/linux/security/advisories/2006_55_ssl.html http://www.ubuntu.com/usn/usn-351-1 http://www.ubuntu.com/usn/usn-352-1 http://www.ubuntu.com/usn/usn-354-1 http://secunia.com/advisories/22025 http://secunia.com/advisories/22055 http://secunia.com/advisories/22074 http://secunia.com/advisories/22088 http://www.us.debian.org/security/2006/dsa-1191 http://security.gentoo.org/glsa/glsa-200610-01.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://secunia.com/advisories/22210 http://secunia.com/advisories/22226 http://secunia.com/advisories/22247 http://secunia.com/advisories/22274 http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm http://www.debian.org/security/2006/dsa-1192 http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml http://www.ubuntu.com/usn/usn-361-1 http://secunia.com/advisories/22299 http://secunia.com/advisories/22342 http://secunia.com/advisories/22422 http://secunia.com/advisories/22446 http://www.us-cert.gov/cas/techalerts/TA06-312A.html http://www.debian.org/security/2006/dsa-1210 http://secunia.com/advisories/22849 http://secunia.com/advisories/22056 http://secunia.com/advisories/22195 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://secunia.com/advisories/22992 https://issues.rpath.com/browse/RPL-640 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 http://secunia.com/advisories/23883 http://secunia.com/advisories/22044 http://secunia.com/advisories/24711 http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 http://secunia.com/advisories/22066 http://www.vupen.com/english/advisories/2006/3617 http://www.vupen.com/english/advisories/2007/0293 http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2007/1198 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 http://www.vupen.com/english/advisories/2008/0083 http://www.vupen.com/english/advisories/2006/3899 http://www.vupen.com/english/advisories/2006/3622 http://www.mozilla.org/security/announce/2006/mfsa2006-60.html http://www.mozilla.org/security/announce/2006/mfsa2006-66.html https://exchange.xforce.ibmcloud.com/vulnerabilities/30098 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007 http://www.securityfocus.com/archive/1/446140/100/0/threaded https://nvd.nist.gov https://www.debian.org/security/./dsa-1210 https://usn.ubuntu.com/351-1/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook