NVD Vulnerability Detail

CVE-2006-5462

Summary	Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Publication Date	Nov. 9, 2006, 6:07 a.m.
Registration Date	Jan. 29, 2021, 3:48 p.m.
Last Update	Oct. 11, 2017, 10:31 a.m.

CVSS2.0 : MEDIUM
Score	6.4
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P	SGI
2	http://rhn.redhat.com/errata/RHSA-2006-0733.html	REDHAT
3	http://rhn.redhat.com/errata/RHSA-2006-0734.html	REDHAT
4	http://rhn.redhat.com/errata/RHSA-2006-0735.html	REDHAT
5	http://secunia.com/advisories/22066	SECUNIA
6	http://secunia.com/advisories/22722	SECUNIA	Patch Vendor Advisory
7	http://secunia.com/advisories/22727	SECUNIA
8	http://secunia.com/advisories/22737	SECUNIA
9	http://secunia.com/advisories/22763	SECUNIA
10	http://secunia.com/advisories/22770	SECUNIA	Patch Vendor Advisory
11	http://secunia.com/advisories/22815	SECUNIA
12	http://secunia.com/advisories/22817	SECUNIA
13	http://secunia.com/advisories/22929	SECUNIA
14	http://secunia.com/advisories/22965	SECUNIA
15	http://secunia.com/advisories/22980	SECUNIA
16	http://secunia.com/advisories/23009	SECUNIA
17	http://secunia.com/advisories/23013	SECUNIA
18	http://secunia.com/advisories/23197	SECUNIA
19	http://secunia.com/advisories/23202	SECUNIA
20	http://secunia.com/advisories/23235	SECUNIA
21	http://secunia.com/advisories/23263	SECUNIA
22	http://secunia.com/advisories/23287	SECUNIA
23	http://secunia.com/advisories/23297	SECUNIA
24	http://secunia.com/advisories/23883	SECUNIA
25	http://secunia.com/advisories/24711	SECUNIA
26	http://security.gentoo.org/glsa/glsa-200612-06.xml	GENTOO
27	http://security.gentoo.org/glsa/glsa-200612-07.xml	GENTOO
28	http://security.gentoo.org/glsa/glsa-200612-08.xml	GENTOO
29	http://securitytracker.com/id?1017180	SECTRACK
30	http://securitytracker.com/id?1017181	SECTRACK
31	http://securitytracker.com/id?1017182	SECTRACK
32	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1	SUNALERT
33	http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm	CONFIRM
34	http://www.debian.org/security/2006/dsa-1224	DEBIAN
35	http://www.debian.org/security/2006/dsa-1225	DEBIAN
36	http://www.debian.org/security/2006/dsa-1227	DEBIAN
37	http://www.kb.cert.org/vuls/id/335392	CERT-VN	Patch US Government Resource
38	http://www.mandriva.com/security/advisories?name=MDKSA-2006:205	MANDRIVA
39	http://www.mandriva.com/security/advisories?name=MDKSA-2006:206	MANDRIVA
40	http://www.mozilla.org/security/announce/2006/mfsa2006-60.html	MISC	Patch
41	http://www.mozilla.org/security/announce/2006/mfsa2006-66.html	CONFIRM	Patch
42	http://www.novell.com/linux/security/advisories/2006_68_mozilla.html	SUSE
43	http://www.ubuntu.com/usn/usn-381-1	UBUNTU
44	http://www.ubuntu.com/usn/usn-382-1	UBUNTU
45	http://www.us-cert.gov/cas/techalerts/TA06-312A.html	CERT	Patch US Government Resource
46	http://www.vupen.com/english/advisories/2006/3748	VUPEN
47	http://www.vupen.com/english/advisories/2006/4387	VUPEN
48	http://www.vupen.com/english/advisories/2007/0293	VUPEN
49	http://www.vupen.com/english/advisories/2007/1198	VUPEN
50	http://www.vupen.com/english/advisories/2008/0083	VUPEN
51	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742	HP
52	https://bugzilla.mozilla.org/show_bug.cgi?id=356215	MISC	Patch
53	https://exchange.xforce.ibmcloud.com/vulnerabilities/30098	XF
54	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*