Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
References
Link Providers
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc cve-icon cve-icon
http://secunia.com/advisories/21903 cve-icon cve-icon
http://secunia.com/advisories/21906 cve-icon cve-icon
http://secunia.com/advisories/21915 cve-icon cve-icon
http://secunia.com/advisories/21916 cve-icon cve-icon
http://secunia.com/advisories/21939 cve-icon cve-icon
http://secunia.com/advisories/21940 cve-icon cve-icon
http://secunia.com/advisories/21949 cve-icon cve-icon
http://secunia.com/advisories/21950 cve-icon cve-icon
http://secunia.com/advisories/22001 cve-icon cve-icon
http://secunia.com/advisories/22025 cve-icon cve-icon
http://secunia.com/advisories/22036 cve-icon cve-icon
http://secunia.com/advisories/22044 cve-icon cve-icon
http://secunia.com/advisories/22055 cve-icon cve-icon
http://secunia.com/advisories/22056 cve-icon cve-icon
http://secunia.com/advisories/22066 cve-icon cve-icon
http://secunia.com/advisories/22074 cve-icon cve-icon
http://secunia.com/advisories/22088 cve-icon cve-icon
http://secunia.com/advisories/22195 cve-icon cve-icon
http://secunia.com/advisories/22210 cve-icon cve-icon
http://secunia.com/advisories/22226 cve-icon cve-icon
http://secunia.com/advisories/22247 cve-icon cve-icon
http://secunia.com/advisories/22274 cve-icon cve-icon
http://secunia.com/advisories/22299 cve-icon cve-icon
http://secunia.com/advisories/22342 cve-icon cve-icon
http://secunia.com/advisories/22422 cve-icon cve-icon
http://secunia.com/advisories/22446 cve-icon cve-icon
http://secunia.com/advisories/22849 cve-icon cve-icon
http://secunia.com/advisories/22992 cve-icon cve-icon
http://secunia.com/advisories/23883 cve-icon cve-icon
http://secunia.com/advisories/24711 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200609-19.xml cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200610-01.xml cve-icon cve-icon
http://securitytracker.com/id?1016858 cve-icon cve-icon
http://securitytracker.com/id?1016859 cve-icon cve-icon
http://securitytracker.com/id?1016860 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1192 cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1210 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml cve-icon cve-icon
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 cve-icon cve-icon
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ cve-icon cve-icon
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html cve-icon cve-icon
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_55_ssl.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0675.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0676.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2006-0677.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/446140/100/0/threaded cve-icon cve-icon
http://www.ubuntu.com/usn/usn-350-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-351-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-352-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-354-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-361-1 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA06-312A.html cve-icon cve-icon
http://www.us.debian.org/security/2006/dsa-1191 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3617 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3622 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3748 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/3899 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/0293 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/1198 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/0083 cve-icon cve-icon
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-640 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-4340 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-4340 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-09-15T18:00:00

Updated: 2024-08-07T19:06:07.315Z

Reserved: 2006-08-24T00:00:00

Link: CVE-2006-4340

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-09-15T18:07:00.000

Modified: 2024-11-21T00:15:43.160

Link: CVE-2006-4340

cve-icon Redhat

Severity : Important

Publid Date: 2006-09-15T00:01:00Z

Links: CVE-2006-4340 - Bugzilla