CVE-2006-5462

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Published: Nov 8, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5462
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / thunderbird	1.5.0.7	1.5.0.7.x
mozilla / seamonkey	1.0.3	1.0.3.x
mozilla / firefox	1.5-beta2	1.5-beta2.x
mozilla / seamonkey	1.0.1	1.0.1.x
mozilla / firefox	1.5.0.6	1.5.0.6.x
mozilla / firefox	1.5.0.3	1.5.0.3.x
mozilla / seamonkey	1.0	1.0.x
mozilla / seamonkey	1.0-beta	1.0-beta.x
mozilla / firefox	1.5-beta1	1.5-beta1.x
mozilla / firefox	1.5	1.5.x
mozilla / thunderbird	1.5.0.3	1.5.0.3.x
mozilla / thunderbird	1.5.0.6	1.5.0.6.x
mozilla / thunderbird	1.5-beta2	1.5-beta2.x
mozilla / seamonkey	1.0.2	1.0.2.x
mozilla / firefox	1.5.0.7	1.5.0.7.x
mozilla / thunderbird	1.5	1.5.x
mozilla / thunderbird	1.5.0.2	1.5.0.2.x
mozilla / seamonkey	1.0.5	1.0.5.x
mozilla / firefox	1.5.0.5	1.5.0.5.x
mozilla / firefox	1.5.0.2	1.5.0.2.x
mozilla / seamonkey	1.0.4	1.0.4.x
mozilla / thunderbird	1.5.0.1	1.5.0.1.x
mozilla / network_security_services	3.11.3	3.11.3.x
mozilla / firefox	1.5.0.4	1.5.0.4.x
mozilla / firefox	1.5.0.1	1.5.0.1.x
mozilla / thunderbird	1.5.0.4	1.5.0.4.x

Vulnerability Database

289,697

CVE-2006-5462