FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-4340

This CVE name corresponds to:

Entered: 2006-09-15
Topic: mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2006-4340
Phase: Assigned (20060824)

Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

References

Source Reference
BUGTRAQ 20060915 rPSA-2006-0169-1 firefox thunderbird
MLIST [ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
MISC http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
MISC http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
CONFIRM https://issues.rpath.com/browse/RPL-640
DEBIAN DSA-1191
DEBIAN DSA-1192
DEBIAN DSA-1210
GENTOO GLSA-200609-19
GENTOO GLSA-200610-01
GENTOO GLSA-200610-06
HP HPSBUX02153
HP SSRT061181
MANDRIVA MDKSA-2006:168
MANDRIVA MDKSA-2006:169
REDHAT RHSA-2006:0676
REDHAT RHSA-2006:0677
REDHAT RHSA-2006:0675
SGI 20060901-01-P
SUNALERT 102648
SUNALERT 102781
SUSE SUSE-SA:2006:054
SUSE SUSE-SA:2006:055
UBUNTU USN-350-1
UBUNTU USN-351-1
UBUNTU USN-352-1
UBUNTU USN-354-1
UBUNTU USN-361-1
CERT TA06-312A
OVAL oval:org.mitre.oval:def:11007
VUPEN ADV-2006-3617
VUPEN ADV-2006-3622
VUPEN ADV-2006-3899
VUPEN ADV-2007-0293
VUPEN ADV-2007-1198
VUPEN ADV-2006-3748
VUPEN ADV-2008-0083
SECTRACK 1016858
SECTRACK 1016859
SECTRACK 1016860
SECUNIA 21906
SECUNIA 21949
SECUNIA 21903
SECUNIA 21915
SECUNIA 21916
SECUNIA 21939
SECUNIA 21940
SECUNIA 21950
SECUNIA 22036
SECUNIA 22001
SECUNIA 22025
SECUNIA 22055
SECUNIA 22074
SECUNIA 22088
SECUNIA 22210
SECUNIA 22226
SECUNIA 22247
SECUNIA 22274
SECUNIA 22299
SECUNIA 22342
SECUNIA 22422
SECUNIA 22446
SECUNIA 22849
SECUNIA 22056
SECUNIA 22195
SECUNIA 22992
SECUNIA 23883
SECUNIA 22044
SECUNIA 24711
SECUNIA 22066
XF mozilla-nss-security-bypass(30098)