Home > Vulnerability Database > CVE-2006-4340

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2006-4340

Date: September 15, 2006

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

Severity Score

4.8

Related Resources (77)

Url: http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

Url: http://www.novell.com/linux/security/advisories/2006_55_ssl.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-4340

Url: http://www.vupen.com/english/advisories/2007/0293

Url: http://secunia.com/advisories/21939

Url: http://www.us.debian.org/security/2006/dsa-1191

Url: http://secunia.com/advisories/22422

Url: http://secunia.com/advisories/22226

Url: http://www.ubuntu.com/usn/usn-351-1

Url: ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

Url: http://www.vupen.com/english/advisories/2006/3748

Url: http://secunia.com/advisories/22342

Url: http://secunia.com/advisories/22066

Url: https://access.redhat.com/security/cve/CVE-2006-4340

Url: http://secunia.com/advisories/22025

Url: http://www.vupen.com/english/advisories/2006/3622

Url: http://www.debian.org/security/2006/dsa-1192

Url: http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html

Url: http://security.gentoo.org/glsa/glsa-200609-19.xml

Url: http://secunia.com/advisories/21903

Url: http://securitytracker.com/id?1016860

Url: http://secunia.com/advisories/21949

Url: http://www.redhat.com/support/errata/RHSA-2006-0677.html

Url: http://secunia.com/advisories/21906

Url: http://secunia.com/advisories/21940

Url: http://www.novell.com/linux/security/advisories/2006_54_mozilla.html

Url: http://www.ubuntu.com/usn/usn-361-1

Url: http://secunia.com/advisories/22195

Url: http://www.vupen.com/english/advisories/2006/3617

Url: http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml

Url: http://secunia.com/advisories/22074

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:168

Url: http://secunia.com/advisories/22274

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:169

Url: http://www.vupen.com/english/advisories/2006/3899

Url: http://secunia.com/advisories/22036

Url: http://secunia.com/advisories/22992

Url: http://secunia.com/advisories/23883

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-4340

Url: http://securitytracker.com/id?1016859

Url: http://securitytracker.com/id?1016858

Url: http://www.securityfocus.com/archive/1/446140/100/0/threaded

Url: http://www.debian.org/security/2006/dsa-1210

Url: http://www.mozilla.org/security/announce/2006/mfsa2006-66.html

Url: http://secunia.com/advisories/22849

Url: http://www.redhat.com/support/errata/RHSA-2006-0675.html

Url: http://secunia.com/advisories/21916

Url: http://secunia.com/advisories/21915

Url: https://issues.rpath.com/browse/RPL-640

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1

Url: http://secunia.com/advisories/21950

Url: http://secunia.com/advisories/22247

Url: http://www.vupen.com/english/advisories/2008/0083

Url: http://www.ubuntu.com/usn/usn-354-1

Url: http://www.ubuntu.com/usn/usn-352-1

Url: http://secunia.com/advisories/22446

Url: http://www.ubuntu.com/usn/usn-350-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007

Url: http://secunia.com/advisories/22001

Url: http://secunia.com/advisories/22044

Url: http://secunia.com/advisories/22088

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm

Url: http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

Url: http://www.vupen.com/english/advisories/2007/1198

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1

Url: http://security.gentoo.org/glsa/glsa-200610-01.xml

Url: http://www.us-cert.gov/cas/techalerts/TA06-312A.html

Url: http://www.redhat.com/support/errata/RHSA-2006-0676.html

Url: http://secunia.com/advisories/24711

Url: http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/30098

Url: http://secunia.com/advisories/22056

Url: http://secunia.com/advisories/22210

Url: http://secunia.com/advisories/22055

Url: http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

Url: http://secunia.com/advisories/22299

Url: https://www.mend.io/vulnerability-database/CVE-2006-4340

Severity Score

4.8

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us