CVE-2006-4340
CVSS V2 Medium 4
CVSS V3 None
Description
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
Overview
- CVE ID: CVE-2006-4340
- Assigner: secalert@redhat.com
- Vulnerability Status: Modified
- Published Version: 2006-09-15T18:07:00
- Last Modified Date: 2023-02-13T02:16:42
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 1 | OR | 1.5.0.6 | |
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:* | 1 | OR | 3.11.2 | |
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* | 1 | OR | 1.0.4 | |
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 1 | OR | 1.5.0.6 | |
CVSS Version 2
- Version: 2.0
- Vector String: AV:N/AC:H/Au:N/C:P/I:P/A:N
- Access Vector: NETWORK
- Access Complexity: HIGH
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: PARTIAL
- Availability Impact: NONE
- Base Score: 4
- Severity: MEDIUM
- Exploitability Score: 4.9
- Impact Score: 4.9
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2006-4340 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 18:13:21 | | | | Added to TrackCVE |
2023-02-13 03:01:37 | | 2023-02-13T02:16:42 | CVE Modified Date | updated |
2023-02-13 03:01:38 | Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. | Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. | Description | updated |