6.4
CVE-2006-5462
- EPSS 2.63%
- Veröffentlicht 08.11.2006 21:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:14
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Network Security Services Version3.11.3
Mozilla ≫ Thunderbird Version1.5
Mozilla ≫ Thunderbird Version1.5 Updatebeta2
Mozilla ≫ Thunderbird Version1.5.0.1
Mozilla ≫ Thunderbird Version1.5.0.2
Mozilla ≫ Thunderbird Version1.5.0.3
Mozilla ≫ Thunderbird Version1.5.0.4
Mozilla ≫ Thunderbird Version1.5.0.6
Mozilla ≫ Thunderbird Version1.5.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.63% | 0.836 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://secunia.com/advisories/22929
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2008/0083
http://secunia.com/advisories/24711
http://www.vupen.com/english/advisories/2007/1198
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://secunia.com/advisories/23197
http://secunia.com/advisories/23202
http://secunia.com/advisories/23235
http://www.debian.org/security/2006/dsa-1224
http://www.debian.org/security/2006/dsa-1225
http://www.debian.org/security/2006/dsa-1227
http://secunia.com/advisories/23883
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
http://www.vupen.com/english/advisories/2007/0293
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
http://rhn.redhat.com/errata/RHSA-2006-0733.html
http://rhn.redhat.com/errata/RHSA-2006-0734.html
http://rhn.redhat.com/errata/RHSA-2006-0735.html
http://secunia.com/advisories/22722
http://secunia.com/advisories/22727
http://secunia.com/advisories/22737
http://secunia.com/advisories/22763
http://secunia.com/advisories/22770
http://secunia.com/advisories/22815
http://secunia.com/advisories/22817
http://secunia.com/advisories/22965
http://secunia.com/advisories/22980
http://secunia.com/advisories/23009
http://secunia.com/advisories/23013
http://secunia.com/advisories/23263
http://secunia.com/advisories/23287
http://secunia.com/advisories/23297
http://security.gentoo.org/glsa/glsa-200612-06.xml
http://security.gentoo.org/glsa/glsa-200612-07.xml
http://security.gentoo.org/glsa/glsa-200612-08.xml
http://securitytracker.com/id?1017180
http://securitytracker.com/id?1017181
http://securitytracker.com/id?1017182
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
http://www.kb.cert.org/vuls/id/335392
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
http://www.ubuntu.com/usn/usn-381-1
http://www.ubuntu.com/usn/usn-382-1
http://www.vupen.com/english/advisories/2006/4387
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478