Vulnerability Name: CVE-2006-5462 (CCN-30098) Assigned: 2006-11-08 Published: 2006-11-08 Updated: 2017-10-11 Summary: Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates.Note CVE-2006-4340 . CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N 4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N 1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-Other Vulnerability Consequences: Bypass Security References: Source: SGI20061101-01-P CVE-2006-4340 CVE-2006-5462 firefox security update seamonkey security update thunderbird security update Critical: firefox security update RHSA-2006:0733 Critical: seamonkey security update RHSA-2006:0734 Critical: thunderbird security update RHSA-2006:0735 Network Security Services (NSS) Signature Forgery Vulnerability Mozilla Firefox Multiple Vulnerabilities Mozilla Thunderbird Multiple Vulnerabilities Mozilla SeaMonkey Multiple Vulnerabilities 22066 Sun Solaris RSA Signature Forgery Vulnerability Avaya Products Firefox Multiple Vulnerabilities Mozilla Firefox and SeaMonkey Multiple Vulnerabilities 22722 22727 22737 22763 Mozilla Thunderbird Multiple Vulnerabilities 22770 22815 22817 22929 Avaya Messaging Storage Server Firefox Multiple Vulnerabilities 22965 22980 Avaya CMS Sun Solaris X Display Manager Security Issue 23009 23013 23197 23202 23235 23263 23287 23297 23883 Netscape Multiple Vulnerabilities 24711 GLSA-200612-06 GLSA-200612-07 GLSA-200612-08 Mozilla Firefox Certificate Signatures Can Be Forged Mozilla Seamonkey Certificate Signatures Can Be Forged Mozilla Thunderbird Certificate Signatures Can Be Forged Mozilla Seamonkey RSA Signatures Can Be Forged 1017180 Mozilla Thunderbird RSA Signatures Can Be Forged 1017181 Mozilla Firefox RSA Signatures Can Be Forged 1017182 RSA Signature Forgery Issues in Mozilla 1.7 for Solaris 8, 9 and 10 102781 thunderbird security update (RHSA-2006-0735) http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm firefox security update (RHSA-2006-0733) seamonkey security update (RHSA-2006-0734) RSA Signature Forgery Issues in Mozilla 1.7 for Solaris 8 9 and 10 (Sun 102781) HP-UX Running Firefox Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) (HPSBUX02153) DSA-1224 DSA-1225 DSA-1227 mozilla -- several vulnerabilities mozilla-firefox -- several vulnerabilities mozilla-thunderbird -- several vulnerabilities Mozilla Firefox: Multiple vulnerabilities Mozilla Thunderbird: Multiple vulnerabilities Mozilla Network Security Service (NSS): RSA signature forgery Mozilla Thunderbird: Multiple vulnerabilities Mozilla Firefox: Multiple vulnerabilities SeaMonkey: Multiple vulnerabilities The Mozilla Network Security Services library fails to properly verify RSA signatures VU#335392 MDKSA-2006:205 MDKSA-2006:206 http://www.mozilla.org/security/announce/2006/mfsa2006-60.html RSA Signature Forgery (variant) http://www.mozilla.org/security/announce/2006/mfsa2006-66.html SUSE-SA:2006:068 Thunderbird vulnerabilities Firefox vulnerabilities Thunderbird vulnerabilities Firefox vulnerabilities Mozilla vulnerabilities Firefox vulnerabilities USN-381-1 Thunderbird vulnerabilities USN-382-1 TA06-312A ADV-2006-3748 ADV-2006-4387 ADV-2007-0293 ADV-2007-1198 ADV-2008-0083 SSRT061181 https://bugzilla.mozilla.org/show_bug.cgi?id=356215 mozilla-nss-security-bypass(30098) mozilla-nss-security-bypass(30098) oval:org.mitre.oval:def:10478 Mozilla Firefox security update PKCS RSA signature forgery Mozilla Firefox 1.5.0.8 release Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:firefox:1.5:beta1:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::dev:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:-:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:firefox:1.5:beta2:*:*:*:*:*:* OR cpe:/a:mozilla:network_security_services:3.11.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::alpha:*:*:*:*:* OR cpe:/a:mozilla:seamonkey:1.0::beta:*:*:*:*:* AND cpe:/o:sun:solaris:8::x86:*:*:*:*:* OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:* OR cpe:/o:sun:solaris:9::x86:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:* OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:* OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:* OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:* OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:* OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:* Oval Definitions BACK
mozilla firefox 1.5
mozilla firefox 1.5 beta1
mozilla firefox 1.5 beta2
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla network security services 3.11.3
mozilla seamonkey 1.0
mozilla seamonkey 1.0
mozilla seamonkey 1.0
mozilla seamonkey 1.0 beta
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla thunderbird 1.5.0.1
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.3
mozilla thunderbird 1.5.0.4
mozilla thunderbird 1.5.0.6
mozilla thunderbird 1.5.0.7
mozilla firefox 1.5 beta1
mozilla seamonkey 1.0
mozilla firefox 1.5
mozilla thunderbird 1.5
mozilla thunderbird 1.5 beta2
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla thunderbird 1.5.0.7
mozilla seamonkey 1.0.5
mozilla network security services 3.11.3
mozilla seamonkey 1.0.2
mozilla thunderbird 1.5.0.6
mozilla thunderbird 1.5.0.4
mozilla thunderbird 1.5.0.3
mozilla thunderbird 1.5.0.2
mozilla thunderbird 1.5.0.1
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.5
mozilla firefox 1.5 beta2
mozilla network security services 3.11.2
mozilla seamonkey 1.0
mozilla seamonkey 1.0
sun solaris 8
gentoo linux *
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
sun solaris 8
sun solaris 9
redhat enterprise linux 3
mandrakesoft mandrake linux corporate server 3.0
redhat enterprise linux 4
redhat enterprise linux 4
novell linux desktop 9
redhat enterprise linux 4
redhat enterprise linux 4
debian debian linux 3.1
novell open enterprise server *
sun solaris 10
suse suse linux 10.0
redhat linux advanced workstation 2.1
mandrakesoft mandrake linux 2006
canonical ubuntu 6.06
suse suse linux 10.1
mandrakesoft mandrake linux 2006
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux 2007
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 4.0
mandrakesoft mandrake linux corporate server 3.0
novell open enterprise server *
sun solaris 9
Denotes that component is vulnerable