Mozilla Network Security Service (NSS) library prior to 3.11.3, as used in Mozilla Firefox prior to 1.5.0.8, Thunderbird prior to 1.5.0.8, and SeaMonkey prior to 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote malicious users to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 1.5.0.2 |
||
mozilla firefox 1.5.0.3 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.1 |
||
mozilla thunderbird 1.5 |
||
mozilla firefox 1.5 |
||
mozilla firefox 1.5.0.1 |
||
mozilla network security services 3.11.3 |
||
mozilla thunderbird 1.5.0.6 |
||
mozilla thunderbird 1.5.0.7 |
||
mozilla firefox 1.5.0.4 |
||
mozilla firefox 1.5.0.5 |
||
mozilla seamonkey 1.0.2 |
||
mozilla seamonkey 1.0.3 |
||
mozilla thunderbird 1.5.0.1 |
||
mozilla thunderbird 1.5.0.2 |
||
mozilla firefox 1.5.0.6 |
||
mozilla firefox 1.5.0.7 |
||
mozilla seamonkey 1.0.4 |
||
mozilla seamonkey 1.0.5 |
||
mozilla thunderbird 1.5.0.3 |
||
mozilla thunderbird 1.5.0.4 |