Oval Definition:oval:org.mitre.oval:def:11007
Revision Date:2013-04-29Version:11
Title:Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
Description:Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-4340
Platform(s):CentOS Linux 3
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • seamonkey-nspr is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey-js-debugger is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey-nss-devel is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey-nspr-devel is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey-mail is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey-chat is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey-devel is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey-dom-inspector is earlier than 0:1.0.5-0.1.el3
  • OR seamonkey-nss is earlier than 0:1.0.5-0.1.el3
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • devhelp-devel is earlier than 0:0.10-0.4.el4
  • OR seamonkey-nspr is earlier than 0:1.0.5-0.1.el4
  • OR seamonkey-js-debugger is earlier than 0:1.0.5-0.1.el4
  • OR thunderbird is earlier than 0:1.5.0.7-0.1.el4
  • OR seamonkey-nss-devel is earlier than 0:1.0.5-0.1.el4
  • OR seamonkey is earlier than 0:1.0.5-0.1.el4
  • OR seamonkey-nspr-devel is earlier than 0:1.0.5-0.1.el4
  • OR devhelp is earlier than 0:0.10-0.4.el4
  • OR firefox is earlier than 0:1.5.0.7-0.1.el4
  • OR seamonkey-mail is earlier than 0:1.0.5-0.1.el4
  • OR seamonkey-chat is earlier than 0:1.0.5-0.1.el4
  • OR seamonkey-nss is earlier than 0:1.0.5-0.1.el4
  • OR seamonkey-devel is earlier than 0:1.0.5-0.1.el4
  • OR seamonkey-dom-inspector is earlier than 0:1.0.5-0.1.el4
    • BACK