CVE-2006-5462

Severity Score

6.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

La biblioteca Mozilla Network Security Service (NSS) en versiones anteriores a la 3.11.3, como el usado en el Mozilla Firefox en versiones anteriores a la 1.5.0.8, en el Thunderbird anterior a la versión 1.5.0.8 y en el SeaMonkey anteriores a la versión 1.0.6, cuando utiliza una clave RSA con exponente 3, no gestiona apropiadamente datos extra en la firma, lo cual permiten a atacantes remotos falsificar firmas para los certificados de correo electrónico SSL/TLS. NOTA: este identificador es para versiones de productos no parchados, que inicialmente se vieron en el CVE-2006-4340.

*Credits: N/A

CVSS Scores

NISTv2 6.4

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-10-23 CVE Reserved
2006-11-08 CVE Published
2024-08-07 CVE Updated
2024-09-28 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (56)

URL	Tag	Source
http://secunia.com/advisories/22066	Third Party Advisory
http://secunia.com/advisories/22727	Third Party Advisory
http://secunia.com/advisories/22737	Third Party Advisory
http://secunia.com/advisories/22763	Third Party Advisory
http://secunia.com/advisories/22815	Third Party Advisory
http://secunia.com/advisories/22817	Third Party Advisory
http://secunia.com/advisories/22929	Third Party Advisory
http://secunia.com/advisories/22965	Third Party Advisory
http://secunia.com/advisories/22980	Third Party Advisory
http://secunia.com/advisories/23009	Third Party Advisory
http://secunia.com/advisories/23013	Third Party Advisory
http://secunia.com/advisories/23197	Third Party Advisory
http://secunia.com/advisories/23202	Third Party Advisory
http://secunia.com/advisories/23235	Third Party Advisory
http://secunia.com/advisories/23263	Third Party Advisory
http://secunia.com/advisories/23287	Third Party Advisory
http://secunia.com/advisories/23297	Third Party Advisory
http://secunia.com/advisories/23883	Third Party Advisory
http://secunia.com/advisories/24711	Third Party Advisory
http://securitytracker.com/id?1017180	Vdb Entry
http://securitytracker.com/id?1017181	Vdb Entry
http://securitytracker.com/id?1017182	Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm	X_refsource_confirm
http://www.vupen.com/english/advisories/2006/3748	Vdb Entry
http://www.vupen.com/english/advisories/2006/4387	Vdb Entry
http://www.vupen.com/english/advisories/2007/0293	Vdb Entry
http://www.vupen.com/english/advisories/2007/1198	Vdb Entry
http://www.vupen.com/english/advisories/2008/0083	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478	Signature

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/22722	2017-10-11
http://secunia.com/advisories/22770	2017-10-11
http://www.kb.cert.org/vuls/id/335392	2017-10-11
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html	2017-10-11
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html	2017-10-11
http://www.us-cert.gov/cas/techalerts/TA06-312A.html	2017-10-11
https://bugzilla.mozilla.org/show_bug.cgi?id=356215	2017-10-11

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P	2017-10-11
http://rhn.redhat.com/errata/RHSA-2006-0733.html	2017-10-11
http://rhn.redhat.com/errata/RHSA-2006-0734.html	2017-10-11
http://rhn.redhat.com/errata/RHSA-2006-0735.html	2017-10-11
http://security.gentoo.org/glsa/glsa-200612-06.xml	2017-10-11
http://security.gentoo.org/glsa/glsa-200612-07.xml	2017-10-11
http://security.gentoo.org/glsa/glsa-200612-08.xml	2017-10-11
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1	2017-10-11
http://www.debian.org/security/2006/dsa-1224	2017-10-11
http://www.debian.org/security/2006/dsa-1225	2017-10-11
http://www.debian.org/security/2006/dsa-1227	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205	2017-10-11
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206	2017-10-11
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html	2017-10-11
http://www.ubuntu.com/usn/usn-381-1	2017-10-11
http://www.ubuntu.com/usn/usn-382-1	2017-10-11
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742	2017-10-11
https://access.redhat.com/security/cve/CVE-2006-5462	2006-11-08
https://bugzilla.redhat.com/show_bug.cgi?id=1618211	2006-11-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		beta1		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5 Search vendor "Mozilla" for product "Firefox" and version "1.5"		beta2		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.1 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.2 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.3 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.4 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.5 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.6 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Firefox Search vendor "Mozilla" for product "Firefox"				1.5.0.7 Search vendor "Mozilla" for product "Firefox" and version "1.5.0.7"		-		Affected
Mozilla Search vendor "Mozilla"		Network Security Services Search vendor "Mozilla" for product "Network Security Services"				3.11.3 Search vendor "Mozilla" for product "Network Security Services" and version "3.11.3"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		alpha		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		dev		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0 Search vendor "Mozilla" for product "Seamonkey" and version "1.0"		beta		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.1 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.2 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.3 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.4 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Seamonkey Search vendor "Mozilla" for product "Seamonkey"				1.0.5 Search vendor "Mozilla" for product "Seamonkey" and version "1.0.5"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5 Search vendor "Mozilla" for product "Thunderbird" and version "1.5"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5 Search vendor "Mozilla" for product "Thunderbird" and version "1.5"		beta2		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.1 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.1"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.2 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.2"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.3 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.3"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.4 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.4"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.6 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.6"		-		Affected
Mozilla Search vendor "Mozilla"		Thunderbird Search vendor "Mozilla" for product "Thunderbird"				1.5.0.7 Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.7"		-		Affected