CVE-2006-5462
⚪ Do wiadomości
Błąd w bibliotece NSS umożliwia fałszowanie podpisów certyfikatów SSL/TLS i e-mailowych.
CVSS
6.4
EPSS
12.8%
Exploit
none
Vendor
mozilla
Opis źródłowy (NVD)
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 6.4 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 12.8% |
| Opublikowano (NVD) | 2006-11-08 21:07:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-23 00:35:47 UTC |
Referencje
- ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P (secalert@redhat.com)
- http://rhn.redhat.com/errata/RHSA-2006-0733.html (secalert@redhat.com)
- http://rhn.redhat.com/errata/RHSA-2006-0734.html (secalert@redhat.com)
- http://rhn.redhat.com/errata/RHSA-2006-0735.html (secalert@redhat.com)
- http://secunia.com/advisories/22066 (secalert@redhat.com)
- http://secunia.com/advisories/22722 (secalert@redhat.com) [Patch, Vendor Advisory]
- http://secunia.com/advisories/22727 (secalert@redhat.com)
- http://secunia.com/advisories/22737 (secalert@redhat.com)
- http://secunia.com/advisories/22763 (secalert@redhat.com)
- http://secunia.com/advisories/22770 (secalert@redhat.com) [Patch, Vendor Advisory]
- http://secunia.com/advisories/22815 (secalert@redhat.com)
- http://secunia.com/advisories/22817 (secalert@redhat.com)
- http://secunia.com/advisories/22929 (secalert@redhat.com)
- http://secunia.com/advisories/22965 (secalert@redhat.com)
- http://secunia.com/advisories/22980 (secalert@redhat.com)
- http://secunia.com/advisories/23009 (secalert@redhat.com)
- http://secunia.com/advisories/23013 (secalert@redhat.com)
- http://secunia.com/advisories/23197 (secalert@redhat.com)
- http://secunia.com/advisories/23202 (secalert@redhat.com)
- http://secunia.com/advisories/23235 (secalert@redhat.com)
- http://secunia.com/advisories/23263 (secalert@redhat.com)
- http://secunia.com/advisories/23287 (secalert@redhat.com)
- http://secunia.com/advisories/23297 (secalert@redhat.com)
- http://secunia.com/advisories/23883 (secalert@redhat.com)
- http://secunia.com/advisories/24711 (secalert@redhat.com)
- http://security.gentoo.org/glsa/glsa-200612-06.xml (secalert@redhat.com)
- http://security.gentoo.org/glsa/glsa-200612-07.xml (secalert@redhat.com)
- http://security.gentoo.org/glsa/glsa-200612-08.xml (secalert@redhat.com)
- http://securitytracker.com/id?1017180 (secalert@redhat.com)
- http://securitytracker.com/id?1017181 (secalert@redhat.com)
- http://securitytracker.com/id?1017182 (secalert@redhat.com)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 (secalert@redhat.com)
- http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm (secalert@redhat.com)
- http://www.debian.org/security/2006/dsa-1224 (secalert@redhat.com)
- http://www.debian.org/security/2006/dsa-1225 (secalert@redhat.com)
- http://www.debian.org/security/2006/dsa-1227 (secalert@redhat.com)
- http://www.kb.cert.org/vuls/id/335392 (secalert@redhat.com) [Patch, US Government Resource]
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:205 (secalert@redhat.com)
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:206 (secalert@redhat.com)
- http://www.mozilla.org/security/announce/2006/mfsa2006-60.html (secalert@redhat.com) [Patch]
- http://www.mozilla.org/security/announce/2006/mfsa2006-66.html (secalert@redhat.com) [Patch]
- http://www.novell.com/linux/security/advisories/2006_68_mozilla.html (secalert@redhat.com)
- http://www.ubuntu.com/usn/usn-381-1 (secalert@redhat.com)
- http://www.ubuntu.com/usn/usn-382-1 (secalert@redhat.com)
- http://www.us-cert.gov/cas/techalerts/TA06-312A.html (secalert@redhat.com) [Patch, US Government Resource]
- http://www.vupen.com/english/advisories/2006/3748 (secalert@redhat.com)
- http://www.vupen.com/english/advisories/2006/4387 (secalert@redhat.com)
- http://www.vupen.com/english/advisories/2007/0293 (secalert@redhat.com)
- http://www.vupen.com/english/advisories/2007/1198 (secalert@redhat.com)
- http://www.vupen.com/english/advisories/2008/0083 (secalert@redhat.com)
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 (secalert@redhat.com)
- https://bugzilla.mozilla.org/show_bug.cgi?id=356215 (secalert@redhat.com) [Patch]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30098 (secalert@redhat.com)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478 (secalert@redhat.com)