Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2006-4340 | First vendor Publication | 2006-09-15 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11007 | |||
Oval ID: | oval:org.mitre.oval:def:11007 | ||
Title: | Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-4340 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200609-19 (Firefox) File : nvt/glsa_200609_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200610-01 (thunderbird) File : nvt/glsa_200610_01.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200610-06 (nss) File : nvt/glsa_200610_06.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox25.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1191-1 (mozilla-thunderbird) File : nvt/deb_1191_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1192-1 (mozilla) File : nvt/deb_1192_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1210-1 (mozilla-firefox) File : nvt/deb_1210_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29013 | Mozilla Multiple Products NSS Library RSA Exponent 3 Signature Forgery |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0735.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0734.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0733.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The SSL layer on the remote server does not properly verify signatures. File : openssl_0_9_7k_0_9_8c.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nss-2067.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-2088.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-382-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-381-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-361-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-352-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-351-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-350-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-nss-2071.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-2100.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-2090.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-2098.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-205.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_055.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-168.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-169.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-206.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-979.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1210.nasl - Type : ACT_GATHER_INFO |
2006-10-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-06.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1191.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1192.nasl - Type : ACT_GATHER_INFO |
2006-10-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200610-01.nasl - Type : ACT_GATHER_INFO |
2006-09-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200609-19.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0677.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0676.nasl - Type : ACT_GATHER_INFO |
2006-09-22 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0675.nasl - Type : ACT_GATHER_INFO |
2006-09-16 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_105.nasl - Type : ACT_GATHER_INFO |
2006-09-16 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_1507.nasl - Type : ACT_GATHER_INFO |
2006-09-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1507.nasl - Type : ACT_GATHER_INFO |
2006-09-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e6296105449b11dbba89000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
2006-09-15 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0677.nasl - Type : ACT_GATHER_INFO |
2006-09-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0676.nasl - Type : ACT_GATHER_INFO |
2006-09-15 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0675.nasl - Type : ACT_GATHER_INFO |