CVE - CVE-2006-4340

CVE-ID
CVE-2006-4340	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20060915 rPSA-2006-0169-1 firefox thunderbird URL:http://www.securityfocus.com/archive/1/446140/100/0/threaded MLIST:[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error URL:http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html MISC:http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ MISC:http://www.mozilla.org/security/announce/2006/mfsa2006-66.html CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-60.html CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm CONFIRM:https://issues.rpath.com/browse/RPL-640 DEBIAN:DSA-1191 URL:http://www.us.debian.org/security/2006/dsa-1191 DEBIAN:DSA-1192 URL:http://www.debian.org/security/2006/dsa-1192 DEBIAN:DSA-1210 URL:http://www.debian.org/security/2006/dsa-1210 GENTOO:GLSA-200609-19 URL:http://security.gentoo.org/glsa/glsa-200609-19.xml GENTOO:GLSA-200610-01 URL:http://security.gentoo.org/glsa/glsa-200610-01.xml GENTOO:GLSA-200610-06 URL:http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml HP:HPSBUX02153 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 HP:SSRT061181 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 MANDRIVA:MDKSA-2006:168 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 MANDRIVA:MDKSA-2006:169 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 REDHAT:RHSA-2006:0676 URL:http://www.redhat.com/support/errata/RHSA-2006-0676.html REDHAT:RHSA-2006:0677 URL:http://www.redhat.com/support/errata/RHSA-2006-0677.html REDHAT:RHSA-2006:0675 URL:http://www.redhat.com/support/errata/RHSA-2006-0675.html SGI:20060901-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc SUNALERT:102648 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 SUNALERT:102781 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 SUSE:SUSE-SA:2006:054 URL:http://www.novell.com/linux/security/advisories/2006_54_mozilla.html SUSE:SUSE-SA:2006:055 URL:http://www.novell.com/linux/security/advisories/2006_55_ssl.html UBUNTU:USN-350-1 URL:http://www.ubuntu.com/usn/usn-350-1 UBUNTU:USN-351-1 URL:http://www.ubuntu.com/usn/usn-351-1 UBUNTU:USN-352-1 URL:http://www.ubuntu.com/usn/usn-352-1 UBUNTU:USN-354-1 URL:http://www.ubuntu.com/usn/usn-354-1 UBUNTU:USN-361-1 URL:http://www.ubuntu.com/usn/usn-361-1 CERT:TA06-312A URL:http://www.us-cert.gov/cas/techalerts/TA06-312A.html OVAL:oval:org.mitre.oval:def:11007 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007 VUPEN:ADV-2006-3617 URL:http://www.vupen.com/english/advisories/2006/3617 VUPEN:ADV-2006-3622 URL:http://www.vupen.com/english/advisories/2006/3622 VUPEN:ADV-2006-3899 URL:http://www.vupen.com/english/advisories/2006/3899 VUPEN:ADV-2007-0293 URL:http://www.vupen.com/english/advisories/2007/0293 VUPEN:ADV-2007-1198 URL:http://www.vupen.com/english/advisories/2007/1198 VUPEN:ADV-2006-3748 URL:http://www.vupen.com/english/advisories/2006/3748 VUPEN:ADV-2008-0083 URL:http://www.vupen.com/english/advisories/2008/0083 SECTRACK:1016858 URL:http://securitytracker.com/id?1016858 SECTRACK:1016859 URL:http://securitytracker.com/id?1016859 SECTRACK:1016860 URL:http://securitytracker.com/id?1016860 SECUNIA:21906 URL:http://secunia.com/advisories/21906 SECUNIA:21949 URL:http://secunia.com/advisories/21949 SECUNIA:21903 URL:http://secunia.com/advisories/21903 SECUNIA:21915 URL:http://secunia.com/advisories/21915 SECUNIA:21916 URL:http://secunia.com/advisories/21916 SECUNIA:21939 URL:http://secunia.com/advisories/21939 SECUNIA:21940 URL:http://secunia.com/advisories/21940 SECUNIA:21950 URL:http://secunia.com/advisories/21950 SECUNIA:22036 URL:http://secunia.com/advisories/22036 SECUNIA:22001 URL:http://secunia.com/advisories/22001 SECUNIA:22025 URL:http://secunia.com/advisories/22025 SECUNIA:22055 URL:http://secunia.com/advisories/22055 SECUNIA:22074 URL:http://secunia.com/advisories/22074 SECUNIA:22088 URL:http://secunia.com/advisories/22088 SECUNIA:22210 URL:http://secunia.com/advisories/22210 SECUNIA:22226 URL:http://secunia.com/advisories/22226 SECUNIA:22247 URL:http://secunia.com/advisories/22247 SECUNIA:22274 URL:http://secunia.com/advisories/22274 SECUNIA:22299 URL:http://secunia.com/advisories/22299 SECUNIA:22342 URL:http://secunia.com/advisories/22342 SECUNIA:22422 URL:http://secunia.com/advisories/22422 SECUNIA:22446 URL:http://secunia.com/advisories/22446 SECUNIA:22849 URL:http://secunia.com/advisories/22849 SECUNIA:22056 URL:http://secunia.com/advisories/22056 SECUNIA:22195 URL:http://secunia.com/advisories/22195 SECUNIA:22992 URL:http://secunia.com/advisories/22992 SECUNIA:23883 URL:http://secunia.com/advisories/23883 SECUNIA:22044 URL:http://secunia.com/advisories/22044 SECUNIA:24711 URL:http://secunia.com/advisories/24711 SECUNIA:22066 URL:http://secunia.com/advisories/22066 XF:mozilla-nss-security-bypass(30098) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
Assigning CNA
N/A
Date Entry Created
20060824	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060824)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org