Vulnerability Name: CVE-2006-4340 (CCN-30098) Assigned: 2006-09-15 Published: 2006-09-15 Updated: 2023-02-13 Summary: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339 .Note CVE-2006-5462 . CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N 1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Consequences: Bypass Security References: Source: secalert@redhat.comsecalert@redhat.com CVE-2006-4340 CVE-2006-5462 firefox security update seamonkey security update thunderbird security update Critical: firefox security update Critical: seamonkey security update Critical: thunderbird security update Network Security Services (NSS) Signature Forgery Vulnerability Mozilla Firefox Multiple Vulnerabilities Mozilla Thunderbird Multiple Vulnerabilities Mozilla SeaMonkey Multiple Vulnerabilities Sun Solaris RSA Signature Forgery Vulnerability Avaya Products Firefox Multiple Vulnerabilities Mozilla Firefox and SeaMonkey Multiple Vulnerabilities Mozilla Thunderbird Multiple Vulnerabilities Avaya Messaging Storage Server Firefox Multiple Vulnerabilities Avaya CMS Sun Solaris X Display Manager Security Issue Netscape Multiple Vulnerabilities secalert@redhat.com secalert@redhat.com Mozilla Firefox Certificate Signatures Can Be Forged secalert@redhat.com Mozilla Seamonkey Certificate Signatures Can Be Forged secalert@redhat.com Mozilla Thunderbird Certificate Signatures Can Be Forged secalert@redhat.com Mozilla Seamonkey RSA Signatures Can Be Forged Mozilla Thunderbird RSA Signatures Can Be Forged Mozilla Firefox RSA Signatures Can Be Forged secalert@redhat.com RSA Signature Forgery Issues in Mozilla 1.7 for Solaris 8, 9 and 10 secalert@redhat.com secalert@redhat.com thunderbird security update (RHSA-2006-0735) firefox security update (RHSA-2006-0733) seamonkey security update (RHSA-2006-0734) secalert@redhat.com RSA Signature Forgery Issues in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 102781) HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153) secalert@redhat.com secalert@redhat.com mozilla -- several vulnerabilities mozilla-firefox -- several vulnerabilities mozilla-thunderbird -- several vulnerabilities Mozilla Firefox: Multiple vulnerabilities Mozilla Thunderbird: Multiple vulnerabilities Mozilla Network Security Service (NSS): RSA signature forgery secalert@redhat.com Mozilla Thunderbird: Multiple vulnerabilities Mozilla Firefox: Multiple vulnerabilities SeaMonkey: Multiple vulnerabilities secalert@redhat.com The Mozilla Network Security Services library fails to properly verify RSA signatures secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com RSA Signature Forgery (variant) secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com Thunderbird vulnerabilities secalert@redhat.com Firefox vulnerabilities secalert@redhat.com Thunderbird vulnerabilities secalert@redhat.com Firefox vulnerabilities secalert@redhat.com Mozilla vulnerabilities secalert@redhat.com Firefox vulnerabilities Thunderbird vulnerabilities secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com mozilla-nss-security-bypass(30098) secalert@redhat.com secalert@redhat.com Mozilla Firefox security update PKCS RSA signature forgery Mozilla Firefox 1.5.0.8 release Vulnerable Configuration: Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:* AND cpe:/o:sun:solaris:8::x86:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:* OR cpe:/o:sun:solaris:9::x86:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:* Oval Definitions BACK
mozilla firefox 1.5 beta1
mozilla seamonkey 1.0
mozilla firefox 1.5
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla thunderbird 1.5.0.7
mozilla seamonkey 1.0.5
mozilla network security services 3.11.3
mozilla seamonkey 1.0.2
mozilla thunderbird 1.5.0.6
mozilla thunderbird 1.5.0.4
mozilla thunderbird 1.5.0.3
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.1
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.5
mozilla firefox 1.5 beta2
mozilla network security services 3.11.2
mozilla seamonkey 1.0
mozilla seamonkey 1.0
sun solaris 8
gentoo linux *
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
sun solaris 8
sun solaris 9
redhat enterprise linux 3
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
novell open enterprise server *
sun solaris 10
suse suse linux 10.0
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 2006
canonical ubuntu 6.06
suse suse linux 10.1
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 3.0
novell open enterprise server *
sun solaris 9
Denotes that component is vulnerable