NVD

Id
62979  
Name
CVE-2006-4340  
Description
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:N)  
Pub Date
2016-12-20  
Published
2006-09-15  
Modified Date
2013-09-07  
Seq
2006-4340  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
327789 62979 CVE-2006-4340 20060901-01-P  View
327790 62979 CVE-2006-4340 oval:org.mitre.oval:def:11007  View
327791 62979 CVE-2006-4340 GLSA-200609-19  View
327792 62979 CVE-2006-4340 GLSA-200610-01  View
327793 62979 CVE-2006-4340 1016858  View
327794 62979 CVE-2006-4340 1016859  View
327795 62979 CVE-2006-4340 1016860  View
327796 62979 CVE-2006-4340 102648  View
327797 62979 CVE-2006-4340 102781  View
327798 62979 CVE-2006-4340 http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm  View
327799 62979 CVE-2006-4340 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm  View
327800 62979 CVE-2006-4340 DSA-1192  View
327801 62979 CVE-2006-4340 DSA-1210  View
327802 62979 CVE-2006-4340 GLSA-200610-06  View
327803 62979 CVE-2006-4340 [ietf-openpgp] 20060827 Bleichenbacher"s RSA signature forgery based on implementation error  View
327804 62979 CVE-2006-4340 MDKSA-2006:168  View
327805 62979 CVE-2006-4340 MDKSA-2006:169  View
327806 62979 CVE-2006-4340 http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/  View
327807 62979 CVE-2006-4340 http://www.mozilla.org/security/announce/2006/mfsa2006-60.html  View
327808 62979 CVE-2006-4340 http://www.mozilla.org/security/announce/2006/mfsa2006-66.html  View
327809 62979 CVE-2006-4340 SUSE-SA:2006:054  View
327810 62979 CVE-2006-4340 SUSE-SA:2006:055  View
327811 62979 CVE-2006-4340 RHSA-2006:0675  View
327812 62979 CVE-2006-4340 RHSA-2006:0676  View
327813 62979 CVE-2006-4340 RHSA-2006:0677  View
327814 62979 CVE-2006-4340 20060915 rPSA-2006-0169-1 firefox thunderbird  View
327815 62979 CVE-2006-4340 USN-350-1  View
327816 62979 CVE-2006-4340 USN-351-1  View
327817 62979 CVE-2006-4340 USN-352-1  View
327818 62979 CVE-2006-4340 USN-354-1  View
327819 62979 CVE-2006-4340 USN-361-1  View
327820 62979 CVE-2006-4340 TA06-312A  View
327821 62979 CVE-2006-4340 DSA-1191  View
327822 62979 CVE-2006-4340 ADV-2006-3617  View
327823 62979 CVE-2006-4340 ADV-2006-3622  View
327824 62979 CVE-2006-4340 ADV-2006-3748  View
327825 62979 CVE-2006-4340 ADV-2006-3899  View
327826 62979 CVE-2006-4340 ADV-2007-0293  View
327827 62979 CVE-2006-4340 ADV-2007-1198  View
327828 62979 CVE-2006-4340 ADV-2008-0083  View
327829 62979 CVE-2006-4340 SSRT061181  View
327830 62979 CVE-2006-4340 mozilla-nss-security-bypass(30098)  View
327831 62979 CVE-2006-4340 https://issues.rpath.com/browse/RPL-640  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
58361 JVNDB-2006-000557 Mozilla 製品の NSS における RSA 署名を偽造される脆弱性 Mozilla クライアント製品が利用する Network Security Service (NSS) 暗号ライブラリには、RSA 署名の検証における署名の付加データの処理が不適切であるため、公開指数が 3 である RSA 鍵による署名データが適切に処理されない脆弱性が存在します。 CVE-2006-4340 20442 CVE-2006-4340 62979 5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000557.html 2006-09-14 2007-04-27 View