Vulnerability DatabaseCVE-2006-5462
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2006-5462
November 08, 2006
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Related Resources (56)
http://secunia.com/advisories/23235
http://secunia.com/advisories/22817
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
http://www.debian.org/security/2006/dsa-1225
http://secunia.com/advisories/22815
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2006-5462
http://www.ubuntu.com/usn/usn-382-1
http://www.ubuntu.com/usn/usn-381-1
http://www.debian.org/security/2006/dsa-1227
http://secunia.com/advisories/24711
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://secunia.com/advisories/22763
http://secunia.com/advisories/23883
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
http://www.vupen.com/english/advisories/2006/4387
http://rhn.redhat.com/errata/RHSA-2006-0734.html
http://secunia.com/advisories/22965
http://secunia.com/advisories/22722
http://securitytracker.com/id?1017180
http://secunia.com/advisories/23202
http://secunia.com/advisories/23197
http://rhn.redhat.com/errata/RHSA-2006-0733.html
https://access.redhat.com/security/cve/CVE-2006-5462
http://secunia.com/advisories/22066
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
http://secunia.com/advisories/23013
http://security.gentoo.org/glsa/glsa-200612-08.xml
http://securitytracker.com/id?1017182
http://www.vupen.com/english/advisories/2007/1198
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
http://secunia.com/advisories/22737
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
http://security.gentoo.org/glsa/glsa-200612-07.xml
http://secunia.com/advisories/22929
http://www.debian.org/security/2006/dsa-1224
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
http://secunia.com/advisories/22770
http://www.vupen.com/english/advisories/2007/0293
http://secunia.com/advisories/22980
http://secunia.com/advisories/23263
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
http://secunia.com/advisories/23009
http://rhn.redhat.com/errata/RHSA-2006-0735.html
http://secunia.com/advisories/23287
http://security.gentoo.org/glsa/glsa-200612-06.xml
http://www.kb.cert.org/vuls/id/335392
http://securitytracker.com/id?1017181
http://secunia.com/advisories/22727
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2006/3748
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://secunia.com/advisories/23297
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
6.4
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
EPSS
Base Score:
12.79