CVE-2006-4340

Published: Sep 15, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/

x_refsource_MISC

1016858

vdb-entry

x_refsource_SECTRACK

22992

third-party-advisory

x_refsource_SECUNIA

ADV-2006-3748

vdb-entry

x_refsource_VUPEN

1016859

vdb-entry

x_refsource_SECTRACK

RHSA-2006:0676

vendor-advisory

x_refsource_REDHAT

23883

third-party-advisory

x_refsource_SECUNIA

ADV-2006-3899

vdb-entry

x_refsource_VUPEN

22044

third-party-advisory

x_refsource_SECUNIA

22055

third-party-advisory

x_refsource_SECUNIA

22195

third-party-advisory

x_refsource_SECUNIA

USN-361-1

vendor-advisory

x_refsource_UBUNTU

USN-352-1

vendor-advisory

x_refsource_UBUNTU

22446

third-party-advisory

x_refsource_SECUNIA

21950

third-party-advisory

x_refsource_SECUNIA

USN-351-1

vendor-advisory

x_refsource_UBUNTU

22025

third-party-advisory

x_refsource_SECUNIA

22056

third-party-advisory

x_refsource_SECUNIA

[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error

mailing-list

x_refsource_MLIST

TA06-312A

third-party-advisory

x_refsource_CERT

22247

third-party-advisory

x_refsource_SECUNIA

MDKSA-2006:168

vendor-advisory

x_refsource_MANDRIVA

DSA-1191

vendor-advisory

x_refsource_DEBIAN

ADV-2007-0293

vdb-entry

x_refsource_VUPEN

22210

third-party-advisory

x_refsource_SECUNIA

DSA-1210

vendor-advisory

x_refsource_DEBIAN

24711

third-party-advisory

x_refsource_SECUNIA

ADV-2006-3622

vdb-entry

x_refsource_VUPEN

http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

x_refsource_CONFIRM

http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm

x_refsource_CONFIRM

1016860

vdb-entry

x_refsource_SECTRACK

22849

third-party-advisory

x_refsource_SECUNIA

ADV-2008-0083

vdb-entry

x_refsource_VUPEN

21939

third-party-advisory

x_refsource_SECUNIA

ADV-2006-3617

vdb-entry

x_refsource_VUPEN

GLSA-200610-06

vendor-advisory

x_refsource_GENTOO

21915

third-party-advisory

x_refsource_SECUNIA

ADV-2007-1198

vdb-entry

x_refsource_VUPEN

RHSA-2006:0677

vendor-advisory

x_refsource_REDHAT

DSA-1192

vendor-advisory

x_refsource_DEBIAN

http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm

x_refsource_CONFIRM

GLSA-200609-19

vendor-advisory

x_refsource_GENTOO

SSRT061181

vendor-advisory

x_refsource_HP

22274

third-party-advisory

x_refsource_SECUNIA

RHSA-2006:0675

vendor-advisory

x_refsource_REDHAT

21940

third-party-advisory

x_refsource_SECUNIA

mozilla-nss-security-bypass(30098)

vdb-entry

x_refsource_XF

102648

vendor-advisory

x_refsource_SUNALERT

22001

third-party-advisory

x_refsource_SECUNIA

20060915 rPSA-2006-0169-1 firefox thunderbird

mailing-list

x_refsource_BUGTRAQ

21903

third-party-advisory

x_refsource_SECUNIA

USN-350-1

vendor-advisory

x_refsource_UBUNTU

21906

third-party-advisory

x_refsource_SECUNIA

HPSBUX02153

vendor-advisory

x_refsource_HP

22342

third-party-advisory

x_refsource_SECUNIA

GLSA-200610-01

vendor-advisory

x_refsource_GENTOO

22074

third-party-advisory

x_refsource_SECUNIA

22226

third-party-advisory

x_refsource_SECUNIA

22066

third-party-advisory

x_refsource_SECUNIA

22088

third-party-advisory

x_refsource_SECUNIA

21949

third-party-advisory

x_refsource_SECUNIA

SUSE-SA:2006:054

vendor-advisory

x_refsource_SUSE

https://issues.rpath.com/browse/RPL-640

x_refsource_CONFIRM

http://www.mozilla.org/security/announce/2006/mfsa2006-66.html

x_refsource_MISC

22036

third-party-advisory

x_refsource_SECUNIA

SUSE-SA:2006:055

vendor-advisory

x_refsource_SUSE

oval:org.mitre.oval:def:11007

vdb-entry

signature

x_refsource_OVAL

USN-354-1

vendor-advisory

x_refsource_UBUNTU

102781

vendor-advisory

x_refsource_SUNALERT

22422

third-party-advisory

x_refsource_SECUNIA

22299

third-party-advisory

x_refsource_SECUNIA

MDKSA-2006:169

vendor-advisory

x_refsource_MANDRIVA

21916

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2006-4340

Description

Affected Products

References