CVE-2006-5462
Detail
Deferred
This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Description
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Metrics
CVSS Version 4.0
CVSS Version 3.x
CVSS Version 2.0
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected] .
URL
Source(s)
Tag(s)
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
CVE, Inc., Red Hat
http://rhn.redhat.com/errata/RHSA-2006-0733.html
CVE, Inc., Red Hat
http://rhn.redhat.com/errata/RHSA-2006-0734.html
CVE, Inc., Red Hat
http://rhn.redhat.com/errata/RHSA-2006-0735.html
CVE, Inc., Red Hat
http://secunia.com/advisories/22066
CVE, Inc., Red Hat
http://secunia.com/advisories/22722
CVE, Inc., Red Hat
Patch
Vendor Advisory
http://secunia.com/advisories/22727
CVE, Inc., Red Hat
http://secunia.com/advisories/22737
CVE, Inc., Red Hat
http://secunia.com/advisories/22763
CVE, Inc., Red Hat
http://secunia.com/advisories/22770
CVE, Inc., Red Hat
Patch
Vendor Advisory
http://secunia.com/advisories/22815
CVE, Inc., Red Hat
http://secunia.com/advisories/22817
CVE, Inc., Red Hat
http://secunia.com/advisories/22929
CVE, Inc., Red Hat
http://secunia.com/advisories/22965
CVE, Inc., Red Hat
http://secunia.com/advisories/22980
CVE, Inc., Red Hat
http://secunia.com/advisories/23009
CVE, Inc., Red Hat
http://secunia.com/advisories/23013
CVE, Inc., Red Hat
http://secunia.com/advisories/23197
CVE, Inc., Red Hat
http://secunia.com/advisories/23202
CVE, Inc., Red Hat
http://secunia.com/advisories/23235
CVE, Inc., Red Hat
http://secunia.com/advisories/23263
CVE, Inc., Red Hat
http://secunia.com/advisories/23287
CVE, Inc., Red Hat
http://secunia.com/advisories/23297
CVE, Inc., Red Hat
http://secunia.com/advisories/23883
CVE, Inc., Red Hat
http://secunia.com/advisories/24711
CVE, Inc., Red Hat
http://security.gentoo.org/glsa/glsa-200612-06.xml
CVE, Inc., Red Hat
http://security.gentoo.org/glsa/glsa-200612-07.xml
CVE, Inc., Red Hat
http://security.gentoo.org/glsa/glsa-200612-08.xml
CVE, Inc., Red Hat
http://securitytracker.com/id?1017180
CVE, Inc., Red Hat
http://securitytracker.com/id?1017181
CVE, Inc., Red Hat
http://securitytracker.com/id?1017182
CVE, Inc., Red Hat
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
CVE, Inc., Red Hat
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
CVE, Inc., Red Hat
http://www.debian.org/security/2006/dsa-1224
CVE, Inc., Red Hat
http://www.debian.org/security/2006/dsa-1225
CVE, Inc., Red Hat
http://www.debian.org/security/2006/dsa-1227
CVE, Inc., Red Hat
http://www.kb.cert.org/vuls/id/335392
CVE, Inc., Red Hat
Patch
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
CVE, Inc., Red Hat
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
CVE, Inc., Red Hat
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
CVE, Inc., Red Hat
Patch
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
CVE, Inc., Red Hat
Patch
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/usn-381-1
CVE, Inc., Red Hat
http://www.ubuntu.com/usn/usn-382-1
CVE, Inc., Red Hat
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
CVE, Inc., Red Hat
Patch
US Government Resource
http://www.vupen.com/english/advisories/2006/3748
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2006/4387
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/0293
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2007/1198
CVE, Inc., Red Hat
http://www.vupen.com/english/advisories/2008/0083
CVE, Inc., Red Hat
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
CVE, Inc., Red Hat
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
CVE, Inc., Red Hat
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
CVE, Inc., Red Hat
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
CVE, Inc., Red Hat
Weakness Enumeration
CWE-ID
CWE Name
Source
NVD-CWE-Other
Other
NIST  
Change History
5 change records found show changes
CVE Modified by CVE 11/20/2024 7:19:20 PM
Action
Type
Old Value
New Value
Added
Reference
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
Added
Reference
http://rhn.redhat.com/errata/RHSA-2006-0733.html
Added
Reference
http://rhn.redhat.com/errata/RHSA-2006-0734.html
Added
Reference
http://rhn.redhat.com/errata/RHSA-2006-0735.html
Added
Reference
http://secunia.com/advisories/22066
Added
Reference
http://secunia.com/advisories/22722
Added
Reference
http://secunia.com/advisories/22727
Added
Reference
http://secunia.com/advisories/22737
Added
Reference
http://secunia.com/advisories/22763
Added
Reference
http://secunia.com/advisories/22770
Added
Reference
http://secunia.com/advisories/22815
Added
Reference
http://secunia.com/advisories/22817
Added
Reference
http://secunia.com/advisories/22929
Added
Reference
http://secunia.com/advisories/22965
Added
Reference
http://secunia.com/advisories/22980
Added
Reference
http://secunia.com/advisories/23009
Added
Reference
http://secunia.com/advisories/23013
Added
Reference
http://secunia.com/advisories/23197
Added
Reference
http://secunia.com/advisories/23202
Added
Reference
http://secunia.com/advisories/23235
Added
Reference
http://secunia.com/advisories/23263
Added
Reference
http://secunia.com/advisories/23287
Added
Reference
http://secunia.com/advisories/23297
Added
Reference
http://secunia.com/advisories/23883
Added
Reference
http://secunia.com/advisories/24711
Added
Reference
http://security.gentoo.org/glsa/glsa-200612-06.xml
Added
Reference
http://security.gentoo.org/glsa/glsa-200612-07.xml
Added
Reference
http://security.gentoo.org/glsa/glsa-200612-08.xml
Added
Reference
http://securitytracker.com/id?1017180
Added
Reference
http://securitytracker.com/id?1017181
Added
Reference
http://securitytracker.com/id?1017182
Added
Reference
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
Added
Reference
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm
Added
Reference
http://www.debian.org/security/2006/dsa-1224
Added
Reference
http://www.debian.org/security/2006/dsa-1225
Added
Reference
http://www.debian.org/security/2006/dsa-1227
Added
Reference
http://www.kb.cert.org/vuls/id/335392
Added
Reference
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
Added
Reference
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
Added
Reference
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
Added
Reference
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
Added
Reference
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
Added
Reference
http://www.ubuntu.com/usn/usn-381-1
Added
Reference
http://www.ubuntu.com/usn/usn-382-1
Added
Reference
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
Added
Reference
http://www.vupen.com/english/advisories/2006/3748
Added
Reference
http://www.vupen.com/english/advisories/2006/4387
Added
Reference
http://www.vupen.com/english/advisories/2007/0293
Added
Reference
http://www.vupen.com/english/advisories/2007/1198
Added
Reference
http://www.vupen.com/english/advisories/2008/0083
Added
Reference
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
Added
Reference
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
Added
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
CVE Modified by Red Hat, Inc. 5/13/2024 9:40:13 PM
Action
Type
Old Value
New Value
CVE Modified by Red Hat, Inc. 10/10/2017 9:31:19 PM
Action
Type
Old Value
New Value
Added
Reference
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478 [No Types Assigned]
Removed
Reference
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10478 [No Types Assigned]
CVE Modified by Red Hat, Inc. 7/19/2017 9:33:46 PM
Action
Type
Old Value
New Value
Added
Reference
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098 [No Types Assigned]
Removed
Reference
http://xforce.iss.net/xforce/xfdb/30098 [No Types Assigned]
Initial CVE Analysis 11/09/2006 2:22:00 PM
Action
Type
Old Value
New Value
Quick Info
CVE Dictionary Entry: CVE-2006-5462 NVD
Published Date: 11/08/2006 NVD
Last Modified: 04/08/2025
Source: Red Hat, Inc.