6.4

CVE-2006-5462

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
MozillaFirefox Version1.5.0.7
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0 Editionalpha
MozillaSeamonkey Version1.0 Editiondev
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.2
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.5
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5 Updatebeta2
MozillaThunderbird Version1.5.0.1
MozillaThunderbird Version1.5.0.2
MozillaThunderbird Version1.5.0.3
MozillaThunderbird Version1.5.0.4
MozillaThunderbird Version1.5.0.6
MozillaThunderbird Version1.5.0.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.63% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://secunia.com/advisories/22929
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2008/0083
http://secunia.com/advisories/24711
http://www.vupen.com/english/advisories/2007/1198
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://secunia.com/advisories/23197
http://secunia.com/advisories/23202
http://secunia.com/advisories/23235
http://www.debian.org/security/2006/dsa-1224
http://www.debian.org/security/2006/dsa-1225
http://www.debian.org/security/2006/dsa-1227
http://secunia.com/advisories/23883
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
Patch
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
Patch
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
Patch
US Government Resource
http://www.vupen.com/english/advisories/2007/0293
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
http://rhn.redhat.com/errata/RHSA-2006-0733.html
http://rhn.redhat.com/errata/RHSA-2006-0734.html
http://rhn.redhat.com/errata/RHSA-2006-0735.html
http://secunia.com/advisories/22722
Patch
Vendor Advisory
http://secunia.com/advisories/22727
http://secunia.com/advisories/22737
http://secunia.com/advisories/22763
http://secunia.com/advisories/22770
Patch
Vendor Advisory
http://secunia.com/advisories/22815
http://secunia.com/advisories/22817
http://secunia.com/advisories/22965
http://secunia.com/advisories/22980
http://secunia.com/advisories/23009
http://secunia.com/advisories/23013
http://secunia.com/advisories/23263
http://secunia.com/advisories/23287
http://secunia.com/advisories/23297
http://security.gentoo.org/glsa/glsa-200612-06.xml
http://security.gentoo.org/glsa/glsa-200612-07.xml
http://security.gentoo.org/glsa/glsa-200612-08.xml
http://securitytracker.com/id?1017180
http://securitytracker.com/id?1017181
http://securitytracker.com/id?1017182
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
http://www.kb.cert.org/vuls/id/335392
Patch
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
http://www.ubuntu.com/usn/usn-381-1
http://www.ubuntu.com/usn/usn-382-1
http://www.vupen.com/english/advisories/2006/4387
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478