Vulnerability-Lookup

CVE-2006-4340 (GCVE-0-2006-4340)

Vulnerability from cvelistv5 – Published: 2006-09-15 22:00 – Updated: 2024-08-07 19:06

Summary

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.matasano.com/log/469/many-rsa-signatur…	x_refsource_MISC
	http://securitytracker.com/id?1016858	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/22992	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/3748	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1016859	vdb-entryx_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/23883	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/3899	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/22044	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22055	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22195	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-361-1	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/usn-352-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/22446	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21950	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-351-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/22025	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22056	third-party-advisoryx_refsource_SECUNIA
	http://www.imc.org/ietf-openpgp/mail-archive/msg1…	mailing-listx_refsource_MLIST
	http://www.us-cert.gov/cas/techalerts/TA06-312A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/22247	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.us.debian.org/security/2006/dsa-1191	vendor-advisoryx_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2007/0293	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/22210	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2006/dsa-1210	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/24711	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/3622	vdb-entryx_refsource_VUPEN
	http://www.mozilla.org/security/announce/2006/mfs…	x_refsource_CONFIRM
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://securitytracker.com/id?1016860	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/22849	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/0083	vdb-entryx_refsource_VUPEN
	ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
	http://secunia.com/advisories/21939	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/3617	vdb-entryx_refsource_VUPEN
	http://www.gentoo.org/security/en/glsa/glsa-20061…	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/21915	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/1198	vdb-entryx_refsource_VUPEN
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2006/dsa-1192	vendor-advisoryx_refsource_DEBIAN
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200609-19.xml	vendor-advisoryx_refsource_GENTOO
	http://www1.itrc.hp.com/service/cki/docDisplay.do…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/22274	third-party-advisoryx_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2006-06…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/21940	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://secunia.com/advisories/22001	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/446140/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/21903	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-350-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/21906	third-party-advisoryx_refsource_SECUNIA
	http://www1.itrc.hp.com/service/cki/docDisplay.do…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/22342	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200610-01.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/22074	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22226	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22066	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22088	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21949	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	https://issues.rpath.com/browse/RPL-640	x_refsource_CONFIRM
	http://www.mozilla.org/security/announce/2006/mfs…	x_refsource_MISC
	http://secunia.com/advisories/22036	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.ubuntu.com/usn/usn-354-1	vendor-advisoryx_refsource_UBUNTU
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://secunia.com/advisories/22422	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/22299	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/21916	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "name": "1016858",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016858"
          },
          {
            "name": "22992",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22992"
          },
          {
            "name": "ADV-2006-3748",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3748"
          },
          {
            "name": "1016859",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016859"
          },
          {
            "name": "RHSA-2006:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
          },
          {
            "name": "23883",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23883"
          },
          {
            "name": "ADV-2006-3899",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3899"
          },
          {
            "name": "22044",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22044"
          },
          {
            "name": "22055",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22055"
          },
          {
            "name": "22195",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22195"
          },
          {
            "name": "USN-361-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-361-1"
          },
          {
            "name": "USN-352-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-352-1"
          },
          {
            "name": "22446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22446"
          },
          {
            "name": "21950",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21950"
          },
          {
            "name": "USN-351-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-351-1"
          },
          {
            "name": "22025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22025"
          },
          {
            "name": "22056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22056"
          },
          {
            "name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "name": "TA06-312A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
          },
          {
            "name": "22247",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22247"
          },
          {
            "name": "MDKSA-2006:168",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
          },
          {
            "name": "DSA-1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.us.debian.org/security/2006/dsa-1191"
          },
          {
            "name": "ADV-2007-0293",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0293"
          },
          {
            "name": "22210",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22210"
          },
          {
            "name": "DSA-1210",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1210"
          },
          {
            "name": "24711",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24711"
          },
          {
            "name": "ADV-2006-3622",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3622"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
          },
          {
            "name": "1016860",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016860"
          },
          {
            "name": "22849",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22849"
          },
          {
            "name": "ADV-2008-0083",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "20060901-01-P",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "21939",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21939"
          },
          {
            "name": "ADV-2006-3617",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3617"
          },
          {
            "name": "GLSA-200610-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
          },
          {
            "name": "21915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21915"
          },
          {
            "name": "ADV-2007-1198",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1198"
          },
          {
            "name": "RHSA-2006:0677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
          },
          {
            "name": "DSA-1192",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1192"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
          },
          {
            "name": "GLSA-200609-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
          },
          {
            "name": "SSRT061181",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "22274",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22274"
          },
          {
            "name": "RHSA-2006:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
          },
          {
            "name": "21940",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21940"
          },
          {
            "name": "mozilla-nss-security-bypass(30098)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
          },
          {
            "name": "102648",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
          },
          {
            "name": "22001",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22001"
          },
          {
            "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
          },
          {
            "name": "21903",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21903"
          },
          {
            "name": "USN-350-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-350-1"
          },
          {
            "name": "21906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21906"
          },
          {
            "name": "HPSBUX02153",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "22342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22342"
          },
          {
            "name": "GLSA-200610-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
          },
          {
            "name": "22074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22074"
          },
          {
            "name": "22226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22226"
          },
          {
            "name": "22066",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22066"
          },
          {
            "name": "22088",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22088"
          },
          {
            "name": "21949",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21949"
          },
          {
            "name": "SUSE-SA:2006:054",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-640"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
          },
          {
            "name": "22036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "SUSE-SA:2006:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11007",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
          },
          {
            "name": "USN-354-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-354-1"
          },
          {
            "name": "102781",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
          },
          {
            "name": "22422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22422"
          },
          {
            "name": "22299",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22299"
          },
          {
            "name": "MDKSA-2006:169",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
          },
          {
            "name": "21916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21916"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-14T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.  NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T00:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
        },
        {
          "name": "1016858",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016858"
        },
        {
          "name": "22992",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22992"
        },
        {
          "name": "ADV-2006-3748",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3748"
        },
        {
          "name": "1016859",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016859"
        },
        {
          "name": "RHSA-2006:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
        },
        {
          "name": "23883",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23883"
        },
        {
          "name": "ADV-2006-3899",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3899"
        },
        {
          "name": "22044",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22044"
        },
        {
          "name": "22055",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22055"
        },
        {
          "name": "22195",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22195"
        },
        {
          "name": "USN-361-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-361-1"
        },
        {
          "name": "USN-352-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-352-1"
        },
        {
          "name": "22446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22446"
        },
        {
          "name": "21950",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21950"
        },
        {
          "name": "USN-351-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-351-1"
        },
        {
          "name": "22025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22025"
        },
        {
          "name": "22056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22056"
        },
        {
          "name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
        },
        {
          "name": "TA06-312A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
        },
        {
          "name": "22247",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22247"
        },
        {
          "name": "MDKSA-2006:168",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
        },
        {
          "name": "DSA-1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.us.debian.org/security/2006/dsa-1191"
        },
        {
          "name": "ADV-2007-0293",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0293"
        },
        {
          "name": "22210",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22210"
        },
        {
          "name": "DSA-1210",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1210"
        },
        {
          "name": "24711",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24711"
        },
        {
          "name": "ADV-2006-3622",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3622"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
        },
        {
          "name": "1016860",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016860"
        },
        {
          "name": "22849",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22849"
        },
        {
          "name": "ADV-2008-0083",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0083"
        },
        {
          "name": "20060901-01-P",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
        },
        {
          "name": "21939",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21939"
        },
        {
          "name": "ADV-2006-3617",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3617"
        },
        {
          "name": "GLSA-200610-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
        },
        {
          "name": "21915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21915"
        },
        {
          "name": "ADV-2007-1198",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1198"
        },
        {
          "name": "RHSA-2006:0677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
        },
        {
          "name": "DSA-1192",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1192"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
        },
        {
          "name": "GLSA-200609-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
        },
        {
          "name": "SSRT061181",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
        },
        {
          "name": "22274",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22274"
        },
        {
          "name": "RHSA-2006:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
        },
        {
          "name": "21940",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21940"
        },
        {
          "name": "mozilla-nss-security-bypass(30098)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
        },
        {
          "name": "102648",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
        },
        {
          "name": "22001",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22001"
        },
        {
          "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
        },
        {
          "name": "21903",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21903"
        },
        {
          "name": "USN-350-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-350-1"
        },
        {
          "name": "21906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21906"
        },
        {
          "name": "HPSBUX02153",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
        },
        {
          "name": "22342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22342"
        },
        {
          "name": "GLSA-200610-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
        },
        {
          "name": "22074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22074"
        },
        {
          "name": "22226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22226"
        },
        {
          "name": "22066",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22066"
        },
        {
          "name": "22088",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22088"
        },
        {
          "name": "21949",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21949"
        },
        {
          "name": "SUSE-SA:2006:054",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-640"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
        },
        {
          "name": "22036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22036"
        },
        {
          "name": "SUSE-SA:2006:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11007",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
        },
        {
          "name": "USN-354-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-354-1"
        },
        {
          "name": "102781",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
        },
        {
          "name": "22422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22422"
        },
        {
          "name": "22299",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22299"
        },
        {
          "name": "MDKSA-2006:169",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
        },
        {
          "name": "21916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21916"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-4340",
    "datePublished": "2006-09-15T22:00:00.000Z",
    "dateReserved": "2006-08-24T04:00:00.000Z",
    "dateUpdated": "2024-08-07T19:06:07.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-391

Vulnerability from certfr_avis - Published: 2006-09-15 - Updated: 2006-09-28

Plusieurs vulnérabilités ont été identifies dans les produits Mozilla Firefox, Thunderbird et SeaMonkey. L'exploitation de ceux-ci contre un système vulnérable peuvent conduire à une exécution de code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été identifiées dans les produits Mozilla Firefox, Thunderbird et SeaMonkey. Parmi celles-ci :

la manipulation de certains codes Javascript par le navigateur Firefox pourrait provoquer un débordement de la mémoire, et ainsi permettre l'exécution de commandes arbitraires. L'utilisateur doit visiter une page construite de manière malveillante pour être impacté. Cependant, la messagerie Thunderbird utilise en grande partie le noyau du navigateur Firefox pour l'affichage de messages en format HTML, quand cela est autorisé. L'utilisateur pourrait donc avoir son système compromis suite à la lecture d'un courrier électronique. Cette option n'est pas activée par défaut.
la désactivation de Javascript dans la messagerie Thunderbird ne serait pas correctement effectuée, et pourrait être contournée afin de permettre l'exécution de code Javascript à l'insu de l'utilisateur.
une mauvaise vérification des signatures RSA PKCS #1 v1.5 utilisant un exposant de valeur 3. Cette vulnérabilité est à mettre en relation avec l'avis du CERTA CERTA-200-AVI-384 concernant OpenSSL.
la procédure de mise à jour de Firefox et Thunderbird, basée sur SSL ne s'effecturait pas correctement. Il serait possible, en usurpant les réponses DNS adressées à la victime, de rediriger ses requêtes de mises à jour vers un site malveillant. Le certificat ne serait alors pas convenablement vérifié.

Solution

Se référer au bulletin de sécurité de Mozilla pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Mozilla	N/A	Mozilla SeaMonkey 1.0.4 ainsi que les versions antérieures.
Mozilla	Thunderbird	Mozilla Thunderbird 1.5.0.5 ainsi que les versions antérieures ;
Mozilla	Firefox	Mozilla Firefox 1.5.0.6 ainsi que les versions antérieures ;

References

Title

Publication Time

FKIE_CVE-2006-4340

Vulnerability from fkie_nvd - Published: 2006-09-15 18:07 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
secalert@redhat.com	http://secunia.com/advisories/21903	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/21906	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/21915	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/21916	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/21939	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/21940	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/21949	Patch, Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/21950	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22001	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22025	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22036	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22044
secalert@redhat.com	http://secunia.com/advisories/22055	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22056
secalert@redhat.com	http://secunia.com/advisories/22066
secalert@redhat.com	http://secunia.com/advisories/22074	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22088	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22195
secalert@redhat.com	http://secunia.com/advisories/22210	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22226	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22247	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22274	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22299	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22342	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22422	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22446	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/22849
secalert@redhat.com	http://secunia.com/advisories/22992
secalert@redhat.com	http://secunia.com/advisories/23883
secalert@redhat.com	http://secunia.com/advisories/24711
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200609-19.xml
secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200610-01.xml
secalert@redhat.com	http://securitytracker.com/id?1016858
secalert@redhat.com	http://securitytracker.com/id?1016859
secalert@redhat.com	http://securitytracker.com/id?1016860
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
secalert@redhat.com	http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
secalert@redhat.com	http://www.debian.org/security/2006/dsa-1192
secalert@redhat.com	http://www.debian.org/security/2006/dsa-1210
secalert@redhat.com	http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
secalert@redhat.com	http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
secalert@redhat.com	http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
secalert@redhat.com	http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
secalert@redhat.com	http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
secalert@redhat.com	http://www.novell.com/linux/security/advisories/2006_55_ssl.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0675.html	Vendor Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0676.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2006-0677.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/446140/100/0/threaded
secalert@redhat.com	http://www.ubuntu.com/usn/usn-350-1
secalert@redhat.com	http://www.ubuntu.com/usn/usn-351-1
secalert@redhat.com	http://www.ubuntu.com/usn/usn-352-1
secalert@redhat.com	http://www.ubuntu.com/usn/usn-354-1
secalert@redhat.com	http://www.ubuntu.com/usn/usn-361-1
secalert@redhat.com	http://www.us-cert.gov/cas/techalerts/TA06-312A.html	US Government Resource
secalert@redhat.com	http://www.us.debian.org/security/2006/dsa-1191
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/3617
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/3622
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/3748
secalert@redhat.com	http://www.vupen.com/english/advisories/2006/3899
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/0293
secalert@redhat.com	http://www.vupen.com/english/advisories/2007/1198
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/0083
secalert@redhat.com	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
secalert@redhat.com	https://issues.rpath.com/browse/RPL-640
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21903	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21906	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21915	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21916	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21939	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21940	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21949	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21950	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22001	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22025	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22036	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22044
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22055	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22056
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22066
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22074	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22088	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22195
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22210	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22226	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22247	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22274	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22299	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22342	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22422	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22446	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22849
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22992
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23883
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24711
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200609-19.xml
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200610-01.xml
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016858
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016859
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016860
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1192
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1210
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
af854a3a-2127-422b-91ae-364da2661108	http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_55_ssl.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0675.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0676.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0677.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446140/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-350-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-351-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-352-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-354-1
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-361-1
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-312A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us.debian.org/security/2006/dsa-1191
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3617
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3622
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3748
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3899
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0293
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1198
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0083
af854a3a-2127-422b-91ae-364da2661108	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-640
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	network_security_services	*
mozilla	seamonkey	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "553BE4FA-523B-4AED-90D4-6FFCFD91E4F8",
              "versionEndIncluding": "1.5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61D6DE3-BD82-4A09-9537-806FAEEA8FB5",
              "versionEndIncluding": "3.11.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCE4360-4064-47F8-B4B1-12D15D31BE13",
              "versionEndIncluding": "1.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C246DC3-0BAF-4FE2-B160-EE223E8F3CD2",
              "versionEndIncluding": "1.5.0.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.  NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
    },
    {
      "lang": "es",
      "value": "La librer\u00eda Mozilla Network Security Service (NSS) anterior a 3.11.3, usada en Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior a 1.5.0.7, y SeaMonkey anterior a 1.0.5, cuando se usa una llave RSA con exponente 3, no maneja correctamente los datos en una firma, lo que permite a atacantes remotos falsificar firmas para SSL/TLS y certificados de correo electr\u00f3nico; una vulnerabilidad muy similar a la CVE-2006-4339. NOTA: el 7/11/2006, Mozilla public\u00f3 un aviso afirmando que estas versiones no estaban completamente parcheadas por MFSA2006-60. Las nuevas correcciones para 1.5.0.7 se tratan en CVE-2006-5462."
    }
  ],
  "id": "CVE-2006-4340",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-15T18:07:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21903"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21906"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21949"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21950"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22001"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22025"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22044"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22195"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22210"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22226"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22247"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22299"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22342"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22422"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22446"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22849"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/22992"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/23883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/24711"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1016858"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1016859"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1016860"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2006/dsa-1192"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2006/dsa-1210"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-351-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-354-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-361-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.us.debian.org/security/2006/dsa-1191"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/3617"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/3622"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2006/3899"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/0293"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/1198"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-640"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016859"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1192"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-351-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-354-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-361-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.us.debian.org/security/2006/dsa-1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-Q7VF-RJWH-CHXV

Vulnerability from github – Published: 2022-05-03 03:16 – Updated: 2022-05-03 03:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4340"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-15T18:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.  NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.",
  "id": "GHSA-q7vf-rjwh-chxv",
  "modified": "2022-05-03T03:16:25Z",
  "published": "2022-05-03T03:16:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4340"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-640"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21903"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21906"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21915"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21916"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21939"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21940"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21949"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21950"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22001"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22025"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22036"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22044"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22055"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22056"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22066"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22074"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22088"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22195"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22210"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22226"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22247"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22274"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22299"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22342"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22422"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22446"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22849"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22992"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23883"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24711"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016858"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016859"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016860"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1192"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1210"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
    },
    {
      "type": "WEB",
      "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-350-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-351-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-352-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-354-1"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-361-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us.debian.org/security/2006/dsa-1191"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3617"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3622"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3748"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3899"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0293"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/1198"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0083"
    },
    {
      "type": "WEB",
      "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-4340

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-4340

Aliases

CVE-2006-4340

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4340",
    "description": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.  NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.",
    "id": "GSD-2006-4340",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-4340.html",
      "https://www.debian.org/security/2006/dsa-1210",
      "https://www.debian.org/security/2006/dsa-1192",
      "https://www.debian.org/security/2006/dsa-1191",
      "https://access.redhat.com/errata/RHSA-2006:0677",
      "https://access.redhat.com/errata/RHSA-2006:0676",
      "https://access.redhat.com/errata/RHSA-2006:0675",
      "https://linux.oracle.com/cve/CVE-2006-4340.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4340"
      ],
      "details": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.",
      "id": "GSD-2006-4340",
      "modified": "2023-12-13T01:19:51.547080Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2006-4340",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/22055",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22055"
          },
          {
            "name": "http://secunia.com/advisories/22066",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22066"
          },
          {
            "name": "http://secunia.com/advisories/22210",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22210"
          },
          {
            "name": "http://secunia.com/advisories/22342",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22342"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-350-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-350-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-354-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-354-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-361-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-361-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/3748",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/3748"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/0083",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/0083"
          },
          {
            "name": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc",
            "refsource": "MISC",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
          },
          {
            "name": "http://secunia.com/advisories/21903",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21903"
          },
          {
            "name": "http://secunia.com/advisories/21906",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21906"
          },
          {
            "name": "http://secunia.com/advisories/21915",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21915"
          },
          {
            "name": "http://secunia.com/advisories/21916",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21916"
          },
          {
            "name": "http://secunia.com/advisories/21939",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21939"
          },
          {
            "name": "http://secunia.com/advisories/21940",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21940"
          },
          {
            "name": "http://secunia.com/advisories/21949",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21949"
          },
          {
            "name": "http://secunia.com/advisories/21950",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/21950"
          },
          {
            "name": "http://secunia.com/advisories/22001",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22001"
          },
          {
            "name": "http://secunia.com/advisories/22025",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22025"
          },
          {
            "name": "http://secunia.com/advisories/22036",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22036"
          },
          {
            "name": "http://secunia.com/advisories/22044",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22044"
          },
          {
            "name": "http://secunia.com/advisories/22056",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22056"
          },
          {
            "name": "http://secunia.com/advisories/22074",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22074"
          },
          {
            "name": "http://secunia.com/advisories/22088",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22088"
          },
          {
            "name": "http://secunia.com/advisories/22195",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22195"
          },
          {
            "name": "http://secunia.com/advisories/22226",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22226"
          },
          {
            "name": "http://secunia.com/advisories/22247",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22247"
          },
          {
            "name": "http://secunia.com/advisories/22274",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22274"
          },
          {
            "name": "http://secunia.com/advisories/22299",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22299"
          },
          {
            "name": "http://secunia.com/advisories/22422",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22422"
          },
          {
            "name": "http://secunia.com/advisories/22446",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22446"
          },
          {
            "name": "http://secunia.com/advisories/22849",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22849"
          },
          {
            "name": "http://secunia.com/advisories/22992",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/22992"
          },
          {
            "name": "http://secunia.com/advisories/23883",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/23883"
          },
          {
            "name": "http://secunia.com/advisories/24711",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/24711"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200609-19.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
          },
          {
            "name": "http://security.gentoo.org/glsa/glsa-200610-01.xml",
            "refsource": "MISC",
            "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
          },
          {
            "name": "http://securitytracker.com/id?1016858",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1016858"
          },
          {
            "name": "http://securitytracker.com/id?1016859",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1016859"
          },
          {
            "name": "http://securitytracker.com/id?1016860",
            "refsource": "MISC",
            "url": "http://securitytracker.com/id?1016860"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
            "refsource": "MISC",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
            "refsource": "MISC",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
          },
          {
            "name": "http://www.debian.org/security/2006/dsa-1192",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2006/dsa-1192"
          },
          {
            "name": "http://www.debian.org/security/2006/dsa-1210",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2006/dsa-1210"
          },
          {
            "name": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml",
            "refsource": "MISC",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
          },
          {
            "name": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html",
            "refsource": "MISC",
            "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
          },
          {
            "name": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/",
            "refsource": "MISC",
            "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html",
            "refsource": "MISC",
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html",
            "refsource": "MISC",
            "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
          },
          {
            "name": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html",
            "refsource": "MISC",
            "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
          },
          {
            "name": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html",
            "refsource": "MISC",
            "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0675.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0676.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2006-0677.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/446140/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-351-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-351-1"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-352-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-352-1"
          },
          {
            "name": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html",
            "refsource": "MISC",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
          },
          {
            "name": "http://www.us.debian.org/security/2006/dsa-1191",
            "refsource": "MISC",
            "url": "http://www.us.debian.org/security/2006/dsa-1191"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/3617",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/3617"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/3622",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/3622"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2006/3899",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2006/3899"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/0293",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/0293"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2007/1198",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2007/1198"
          },
          {
            "name": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742",
            "refsource": "MISC",
            "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
          },
          {
            "name": "https://issues.rpath.com/browse/RPL-640",
            "refsource": "MISC",
            "url": "https://issues.rpath.com/browse/RPL-640"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.11.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.0.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2006-4340"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[ietf-openpgp] 20060827 Bleichenbacher\u0027s RSA signature forgery based on implementation error",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html"
            },
            {
              "name": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/"
            },
            {
              "name": "RHSA-2006:0676",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html"
            },
            {
              "name": "RHSA-2006:0677",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html"
            },
            {
              "name": "21906",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21906"
            },
            {
              "name": "21949",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21949"
            },
            {
              "name": "RHSA-2006:0675",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html"
            },
            {
              "name": "1016858",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016858"
            },
            {
              "name": "1016859",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016859"
            },
            {
              "name": "1016860",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016860"
            },
            {
              "name": "21903",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21903"
            },
            {
              "name": "21915",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21915"
            },
            {
              "name": "21916",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21916"
            },
            {
              "name": "21939",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21939"
            },
            {
              "name": "21940",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21940"
            },
            {
              "name": "21950",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21950"
            },
            {
              "name": "20060901-01-P",
              "refsource": "SGI",
              "tags": [],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc"
            },
            {
              "name": "USN-350-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-350-1"
            },
            {
              "name": "22036",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22036"
            },
            {
              "name": "22001",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22001"
            },
            {
              "name": "GLSA-200609-19",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml"
            },
            {
              "name": "SUSE-SA:2006:054",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_54_mozilla.html"
            },
            {
              "name": "SUSE-SA:2006:055",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_55_ssl.html"
            },
            {
              "name": "USN-351-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-351-1"
            },
            {
              "name": "USN-352-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-352-1"
            },
            {
              "name": "USN-354-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-354-1"
            },
            {
              "name": "22025",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22025"
            },
            {
              "name": "22055",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22055"
            },
            {
              "name": "22074",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22074"
            },
            {
              "name": "22088",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22088"
            },
            {
              "name": "DSA-1191",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.us.debian.org/security/2006/dsa-1191"
            },
            {
              "name": "GLSA-200610-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml"
            },
            {
              "name": "102648",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1"
            },
            {
              "name": "22210",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22210"
            },
            {
              "name": "22226",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22226"
            },
            {
              "name": "22247",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22247"
            },
            {
              "name": "22274",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22274"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm"
            },
            {
              "name": "DSA-1192",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1192"
            },
            {
              "name": "GLSA-200610-06",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml"
            },
            {
              "name": "USN-361-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-361-1"
            },
            {
              "name": "22299",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22299"
            },
            {
              "name": "22342",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22342"
            },
            {
              "name": "22422",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22422"
            },
            {
              "name": "22446",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22446"
            },
            {
              "name": "TA06-312A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-312A.html"
            },
            {
              "name": "DSA-1210",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1210"
            },
            {
              "name": "22849",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22849"
            },
            {
              "name": "22056",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22056"
            },
            {
              "name": "22195",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22195"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm"
            },
            {
              "name": "22992",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22992"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-640",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.rpath.com/browse/RPL-640"
            },
            {
              "name": "102781",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1"
            },
            {
              "name": "23883",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23883"
            },
            {
              "name": "22044",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22044"
            },
            {
              "name": "24711",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/24711"
            },
            {
              "name": "MDKSA-2006:168",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168"
            },
            {
              "name": "MDKSA-2006:169",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169"
            },
            {
              "name": "22066",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/22066"
            },
            {
              "name": "ADV-2006-3617",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3617"
            },
            {
              "name": "ADV-2007-0293",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0293"
            },
            {
              "name": "ADV-2006-3748",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3748"
            },
            {
              "name": "ADV-2007-1198",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/1198"
            },
            {
              "name": "SSRT061181",
              "refsource": "HP",
              "tags": [],
              "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742"
            },
            {
              "name": "ADV-2008-0083",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0083"
            },
            {
              "name": "ADV-2006-3899",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3899"
            },
            {
              "name": "ADV-2006-3622",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3622"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-60.html"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-66.html"
            },
            {
              "name": "mozilla-nss-security-bypass(30098)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30098"
            },
            {
              "name": "oval:org.mitre.oval:def:11007",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007"
            },
            {
              "name": "20060915 rPSA-2006-0169-1 firefox thunderbird",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:16Z",
      "publishedDate": "2006-09-15T18:07Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4340 (GCVE-0-2006-4340)

CERTA-2006-AVI-391

Description

Solution

FKIE_CVE-2006-4340

GHSA-Q7VF-RJWH-CHXV

GSD-2006-4340

Tags

Sightings

Nomenclature