SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2006-5462

Date: (C)2006-11-08 (M)2023-12-22

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE

Reference:

SECTRACK-1017180

SECTRACK-1017181

SECTRACK-1017182

SUNALERT-102781

SUSE-SA:2006:068

http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

http://www.mozilla.org/security/announce/2006/mfsa2006-66.html

https://bugzilla.mozilla.org/show_bug.cgi?id=356215

mozilla-nss-security-bypass(30098)

cpe:/a:mozilla:network_security_services:3.11.3
cpe:/a:mozilla:firefox:1.5.0.4
cpe:/a:mozilla:firefox:1.5.0.3
cpe:/a:mozilla:firefox:1.5:beta2
...

© SecPod Technologies