National Cyber Awareness System

Vulnerability Summary for CVE-2006-5462

Overview

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Impact

CVSS Severity (version 2.0 upgrade from v1.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA06-312A

Name: TA06-312A

Type: Patch Information

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA06-312A.html

US-CERT Vulnerability Note: VU#335392

Name: VU#335392

Type: Patch Information

Hyperlink:http://www.kb.cert.org/vuls/id/335392

External Source: MISC

Name: https://bugzilla.mozilla.org/show_bug.cgi?id=356215

Type: Patch Information

Hyperlink:https://bugzilla.mozilla.org/show_bug.cgi?id=356215

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2006/mfsa2006-66.html

Type: Patch Information

Hyperlink:http://www.mozilla.org/security/announce/2006/mfsa2006-66.html

External Source: MISC

Name: http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

Type: Patch Information

Hyperlink:http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

External Source: SECUNIA

Name: 22770

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/22770

External Source: SECUNIA

Name: 22722

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/22722

External Source: HP

Name: SSRT061181

Hyperlink:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

External Source: VUPEN

Name: ADV-2008-0083

Hyperlink:http://www.vupen.com/english/advisories/2008/0083

External Source: VUPEN

Name: ADV-2007-1198

Hyperlink:http://www.vupen.com/english/advisories/2007/1198

External Source: VUPEN

Name: ADV-2007-0293

Hyperlink:http://www.vupen.com/english/advisories/2007/0293

External Source: VUPEN

Name: ADV-2006-4387

Hyperlink:http://www.vupen.com/english/advisories/2006/4387

External Source: VUPEN

Name: ADV-2006-3748

Hyperlink:http://www.vupen.com/english/advisories/2006/3748

External Source: SECTRACK

Name: 1017182

Hyperlink:http://securitytracker.com/id?1017182

External Source: SECTRACK

Name: 1017181

Hyperlink:http://securitytracker.com/id?1017181

External Source: SECTRACK

Name: 1017180

Hyperlink:http://securitytracker.com/id?1017180

External Source: OVAL

Name: oval:org.mitre.oval:def:10478

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10478

External Source: XF

Name: mozilla-nss-security-bypass(30098)

Hyperlink:http://xforce.iss.net/xforce/xfdb/30098

External Source: HP

Name: SSRT061181

Hyperlink:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

External Source: UBUNTU

Name: USN-382-1

Hyperlink:http://www.ubuntu.com/usn/usn-382-1

External Source: UBUNTU

Name: USN-381-1

Hyperlink:http://www.ubuntu.com/usn/usn-381-1

External Source: SUSE

Name: SUSE-SA:2006:068

Hyperlink:http://www.novell.com/linux/security/advisories/2006_68_mozilla.html

External Source: MANDRIVA

Name: MDKSA-2006:206

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:206

External Source: MANDRIVA

Name: MDKSA-2006:205

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2006:205

External Source: DEBIAN

Name: DSA-1227

Hyperlink:http://www.debian.org/security/2006/dsa-1227

External Source: DEBIAN

Name: DSA-1225

Hyperlink:http://www.debian.org/security/2006/dsa-1225

External Source: DEBIAN

Name: DSA-1224

Hyperlink:http://www.debian.org/security/2006/dsa-1224

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

External Source: SUNALERT

Name: 102781

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1

External Source: GENTOO

Name: GLSA-200612-08

Hyperlink:http://security.gentoo.org/glsa/glsa-200612-08.xml

External Source: GENTOO

Name: GLSA-200612-07

Hyperlink:http://security.gentoo.org/glsa/glsa-200612-07.xml

External Source: GENTOO

Name: GLSA-200612-06

Hyperlink:http://security.gentoo.org/glsa/glsa-200612-06.xml

External Source: SECUNIA

Name: 24711

Hyperlink:http://secunia.com/advisories/24711

External Source: SECUNIA

Name: 23883

Hyperlink:http://secunia.com/advisories/23883

External Source: SECUNIA

Name: 23297

Hyperlink:http://secunia.com/advisories/23297

External Source: SECUNIA

Name: 23287

Hyperlink:http://secunia.com/advisories/23287

External Source: SECUNIA

Name: 23263

Hyperlink:http://secunia.com/advisories/23263

External Source: SECUNIA

Name: 23235

Hyperlink:http://secunia.com/advisories/23235

External Source: SECUNIA

Name: 23202

Hyperlink:http://secunia.com/advisories/23202

External Source: SECUNIA

Name: 23197

Hyperlink:http://secunia.com/advisories/23197

External Source: SECUNIA

Name: 23013

Hyperlink:http://secunia.com/advisories/23013

External Source: SECUNIA

Name: 23009

Hyperlink:http://secunia.com/advisories/23009

External Source: SECUNIA

Name: 22980

Hyperlink:http://secunia.com/advisories/22980

External Source: SECUNIA

Name: 22965

Hyperlink:http://secunia.com/advisories/22965

External Source: SECUNIA

Name: 22929

Hyperlink:http://secunia.com/advisories/22929

External Source: SECUNIA

Name: 22817

Hyperlink:http://secunia.com/advisories/22817

External Source: SECUNIA

Name: 22815

Hyperlink:http://secunia.com/advisories/22815

External Source: SECUNIA

Name: 22763

Hyperlink:http://secunia.com/advisories/22763

External Source: SECUNIA

Name: 22737

Hyperlink:http://secunia.com/advisories/22737

External Source: SECUNIA

Name: 22727

Hyperlink:http://secunia.com/advisories/22727

External Source: SECUNIA

Name: 22066

Hyperlink:http://secunia.com/advisories/22066

External Source: REDHAT

Name: RHSA-2006:0735

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0735.html

External Source: REDHAT

Name: RHSA-2006:0734

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0734.html

External Source: REDHAT

Name: RHSA-2006:0733

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0733.html

External Source: SGI

Name: 20061101-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P

References to Check Content

Identifier:oval:org.mitre.oval:def:10478

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10478