NVD脆弱性詳細

CVE-2006-5462

概要	Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
公表日	2006年11月9日6:07
登録日	2021年1月29日15:48
最終更新日	2017年10月11日10:31

CVSS2.0 : MEDIUM
スコア	6.4
ベクター	AV:N/AC:L/Au:N/C:P/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*

関連情報、対策とツール

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P	SGI
2	http://rhn.redhat.com/errata/RHSA-2006-0733.html	REDHAT
3	http://rhn.redhat.com/errata/RHSA-2006-0734.html	REDHAT
4	http://rhn.redhat.com/errata/RHSA-2006-0735.html	REDHAT
5	http://secunia.com/advisories/22066	SECUNIA
6	http://secunia.com/advisories/22722	SECUNIA	Patch Vendor Advisory
7	http://secunia.com/advisories/22727	SECUNIA
8	http://secunia.com/advisories/22737	SECUNIA
9	http://secunia.com/advisories/22763	SECUNIA
10	http://secunia.com/advisories/22770	SECUNIA	Patch Vendor Advisory
11	http://secunia.com/advisories/22815	SECUNIA
12	http://secunia.com/advisories/22817	SECUNIA
13	http://secunia.com/advisories/22929	SECUNIA
14	http://secunia.com/advisories/22965	SECUNIA
15	http://secunia.com/advisories/22980	SECUNIA
16	http://secunia.com/advisories/23009	SECUNIA
17	http://secunia.com/advisories/23013	SECUNIA
18	http://secunia.com/advisories/23197	SECUNIA
19	http://secunia.com/advisories/23202	SECUNIA
20	http://secunia.com/advisories/23235	SECUNIA
21	http://secunia.com/advisories/23263	SECUNIA
22	http://secunia.com/advisories/23287	SECUNIA
23	http://secunia.com/advisories/23297	SECUNIA
24	http://secunia.com/advisories/23883	SECUNIA
25	http://secunia.com/advisories/24711	SECUNIA
26	http://security.gentoo.org/glsa/glsa-200612-06.xml	GENTOO
27	http://security.gentoo.org/glsa/glsa-200612-07.xml	GENTOO
28	http://security.gentoo.org/glsa/glsa-200612-08.xml	GENTOO
29	http://securitytracker.com/id?1017180	SECTRACK
30	http://securitytracker.com/id?1017181	SECTRACK
31	http://securitytracker.com/id?1017182	SECTRACK
32	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1	SUNALERT
33	http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm	CONFIRM
34	http://www.debian.org/security/2006/dsa-1224	DEBIAN
35	http://www.debian.org/security/2006/dsa-1225	DEBIAN
36	http://www.debian.org/security/2006/dsa-1227	DEBIAN
37	http://www.kb.cert.org/vuls/id/335392	CERT-VN	Patch US Government Resource
38	http://www.mandriva.com/security/advisories?name=MDKSA-2006:205	MANDRIVA
39	http://www.mandriva.com/security/advisories?name=MDKSA-2006:206	MANDRIVA
40	http://www.mozilla.org/security/announce/2006/mfsa2006-60.html	MISC	Patch
41	http://www.mozilla.org/security/announce/2006/mfsa2006-66.html	CONFIRM	Patch
42	http://www.novell.com/linux/security/advisories/2006_68_mozilla.html	SUSE
43	http://www.ubuntu.com/usn/usn-381-1	UBUNTU
44	http://www.ubuntu.com/usn/usn-382-1	UBUNTU
45	http://www.us-cert.gov/cas/techalerts/TA06-312A.html	CERT	Patch US Government Resource
46	http://www.vupen.com/english/advisories/2006/3748	VUPEN
47	http://www.vupen.com/english/advisories/2006/4387	VUPEN
48	http://www.vupen.com/english/advisories/2007/0293	VUPEN
49	http://www.vupen.com/english/advisories/2007/1198	VUPEN
50	http://www.vupen.com/english/advisories/2008/0083	VUPEN
51	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742	HP
52	https://bugzilla.mozilla.org/show_bug.cgi?id=356215	MISC	Patch
53	https://exchange.xforce.ibmcloud.com/vulnerabilities/30098	XF
54	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478	OVAL

共通脆弱性一覧

構成1	以上	以下	より上	未満
cpe:2.3:a:mozilla:firefox:1.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5:beta1::::::
cpe:2.3:a:mozilla:firefox:1.5:beta2::::::
cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::*
cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::*
cpe:2.3:a:mozilla:network_security_services:3.11.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::
cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*