// For flags

CVE-2006-5462

 

Severity Score

6.4
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

La biblioteca Mozilla Network Security Service (NSS) en versiones anteriores a la 3.11.3, como el usado en el Mozilla Firefox en versiones anteriores a la 1.5.0.8, en el Thunderbird anterior a la versión 1.5.0.8 y en el SeaMonkey anteriores a la versión 1.0.6, cuando utiliza una clave RSA con exponente 3, no gestiona apropiadamente datos extra en la firma, lo cual permiten a atacantes remotos falsificar firmas para los certificados de correo electrónico SSL/TLS. NOTA: este identificador es para versiones de productos no parchados, que inicialmente se vieron en el CVE-2006-4340.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-10-23 CVE Reserved
  • 2006-11-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (56)
URL Tag Source
http://secunia.com/advisories/22066 Third Party Advisory
http://secunia.com/advisories/22727 Third Party Advisory
http://secunia.com/advisories/22737 Third Party Advisory
http://secunia.com/advisories/22763 Third Party Advisory
http://secunia.com/advisories/22815 Third Party Advisory
http://secunia.com/advisories/22817 Third Party Advisory
http://secunia.com/advisories/22929 Third Party Advisory
http://secunia.com/advisories/22965 Third Party Advisory
http://secunia.com/advisories/22980 Third Party Advisory
http://secunia.com/advisories/23009 Third Party Advisory
http://secunia.com/advisories/23013 Third Party Advisory
http://secunia.com/advisories/23197 Third Party Advisory
http://secunia.com/advisories/23202 Third Party Advisory
http://secunia.com/advisories/23235 Third Party Advisory
http://secunia.com/advisories/23263 Third Party Advisory
http://secunia.com/advisories/23287 Third Party Advisory
http://secunia.com/advisories/23297 Third Party Advisory
http://secunia.com/advisories/23883 Third Party Advisory
http://secunia.com/advisories/24711 Third Party Advisory
http://securitytracker.com/id?1017180 Vdb Entry
http://securitytracker.com/id?1017181 Vdb Entry
http://securitytracker.com/id?1017182 Vdb Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm X_refsource_confirm
http://www.vupen.com/english/advisories/2006/3748 Vdb Entry
http://www.vupen.com/english/advisories/2006/4387 Vdb Entry
http://www.vupen.com/english/advisories/2007/0293 Vdb Entry
http://www.vupen.com/english/advisories/2007/1198 Vdb Entry
http://www.vupen.com/english/advisories/2008/0083 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478 Signature
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5
Search vendor "Mozilla" for product "Firefox" and version "1.5"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5
Search vendor "Mozilla" for product "Firefox" and version "1.5"
beta1
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5
Search vendor "Mozilla" for product "Firefox" and version "1.5"
beta2
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5.0.1
Search vendor "Mozilla" for product "Firefox" and version "1.5.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5.0.2
Search vendor "Mozilla" for product "Firefox" and version "1.5.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5.0.3
Search vendor "Mozilla" for product "Firefox" and version "1.5.0.3"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5.0.4
Search vendor "Mozilla" for product "Firefox" and version "1.5.0.4"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5.0.5
Search vendor "Mozilla" for product "Firefox" and version "1.5.0.5"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5.0.6
Search vendor "Mozilla" for product "Firefox" and version "1.5.0.6"
-
Affected
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
1.5.0.7
Search vendor "Mozilla" for product "Firefox" and version "1.5.0.7"
-
Affected
Mozilla
Search vendor "Mozilla"
Network Security Services
Search vendor "Mozilla" for product "Network Security Services"
3.11.3
Search vendor "Mozilla" for product "Network Security Services" and version "3.11.3"
-
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
-
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
alpha
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
dev
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0
Search vendor "Mozilla" for product "Seamonkey" and version "1.0"
beta
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.1
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.2
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.3
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.3"
-
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.4
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.4"
-
Affected
Mozilla
Search vendor "Mozilla"
Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
1.0.5
Search vendor "Mozilla" for product "Seamonkey" and version "1.0.5"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
1.5
Search vendor "Mozilla" for product "Thunderbird" and version "1.5"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
1.5
Search vendor "Mozilla" for product "Thunderbird" and version "1.5"
beta2
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
1.5.0.1
Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.1"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
1.5.0.2
Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.2"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
1.5.0.3
Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.3"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
1.5.0.4
Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.4"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
1.5.0.6
Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.6"
-
Affected
Mozilla
Search vendor "Mozilla"
Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
1.5.0.7
Search vendor "Mozilla" for product "Thunderbird" and version "1.5.0.7"
-
Affected