CVE-2006-4340
Mozilla Firefox < 1.5.0.6 - Signature Forgery via RSA Key with Exponent 3
Title source: llmDescription
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
References (73)
Core 73
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22055
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22446
Various Sources x_refsource_misc
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0676.html
Various Sources mailing-list
x_refsource_mlist
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-640
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016858
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22992
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3748
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016859
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23883
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3899
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22044
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22195
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-361-1
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-352-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21950
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-351-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22025
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22056
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22247
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.us.debian.org/security/2006/dsa-1191
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0293
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22210
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1210
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24711
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3622
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016860
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22849
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21939
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3617
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21915
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1198
Patch, Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0677.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1192
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200609-19.xml
Various Sources vendor-advisory
x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22274
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0675.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21940
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22001
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/446140/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21903
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-350-1
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21906
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22342
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200610-01.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22074
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22226
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22066
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22088
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21949
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
Various Sources x_refsource_misc
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22036
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-354-1
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22422
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22299
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21916
Scores
EPSS
0.0215
EPSS Percentile
80.0%
Details
CWE
CWE-20
Status
published
Products (4)
mozilla/firefox
< 1.5.0.6
mozilla/network_security_services
< 3.11.2
mozilla/seamonkey
< 1.0.4
mozilla/thunderbird
< 1.5.0.6
Published
Sep 15, 2006
Tracked Since
Feb 18, 2026