CVE-2006-5462

Published: 08/11/2006 Updated: 11/10/2017
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Mozilla Network Security Service (NSS) library prior to 3.11.3, as used in Mozilla Firefox prior to 1.5.0.8, Thunderbird prior to 1.5.0.8, and SeaMonkey prior to 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote malicious users to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Vulnerable Product

mozilla firefox 1.5.0.2

mozilla firefox 1.5.0.3

mozilla seamonkey 1.0

mozilla seamonkey 1.0.1

mozilla thunderbird 1.5

mozilla firefox 1.5

mozilla firefox 1.5.0.1

mozilla network security services 3.11.3

mozilla thunderbird 1.5.0.6

mozilla thunderbird 1.5.0.7

mozilla firefox 1.5.0.4

mozilla firefox 1.5.0.5

mozilla seamonkey 1.0.2

mozilla seamonkey 1.0.3

mozilla thunderbird 1.5.0.1

mozilla thunderbird 1.5.0.2

mozilla firefox 1.5.0.6

mozilla firefox 1.5.0.7

mozilla seamonkey 1.0.4

mozilla seamonkey 1.0.5

mozilla thunderbird 1.5.0.3

mozilla thunderbird 1.5.0.4

Vendor Advisories

USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover (CVE-2006-5462) ...
USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover (CVE-2006-5462) ...
Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-4310: Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service. CVE-2006-5462: Ulrich ...
Several security related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-4310: Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service. CVE-2006-5462: Ulrich Kühn discovered that the c ...
This update covers packages for the little endian MIPS architecture missing in the original advisory. For reference, please find below the original advisory text: Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following v ...
Mozilla Foundation Security Advisory 2006-66: RSA Signature Forgery (variant). Announced: November 7, 2006. Reporter: Ulrich Kuehn. Impact: Critical. Products: Firefox, SeaMonkey, Thunderbird. Fixed in ...
