CVE-2006-4340 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation17 documents8 sources

Severity

4.0MEDIUMNVD

CNA4.3OSV4.3

EPSS

2.7%

top 14.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Mozilla Firefox Mozilla Network Security Services +1 more

Timeline

PublishedSep 15

Latest updateMay 3

Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. …

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages5 packages

▶NVDmozilla/network_security_services3.11.2

▶Debianmozilla/thunderbird< 1.5.0.7-1+3

▶NVDmozilla/firefox1.5.0.6

▶NVDmozilla/seamonkey1.0.4

▶NVDmozilla/thunderbird1.5.0.6

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-q7vf-rjwh-chxv: Mozilla Network Security Service (NSS) library before 3↗2022-05-03

▶

CVEList

CVE-2006-4340: Mozilla Network Security Service (NSS) library before 3↗2006-09-15

▶

OSV

CVE-2006-4340: Mozilla Network Security Service (NSS) library before 3↗2006-09-15

▶

📋Vendor Advisories

Red Hat

security flaw↗2006-11-08

▶

Ubuntu

Mozilla vulnerabilities↗2006-10-10

▶

Ubuntu

Thunderbird vulnerabilities↗2006-09-25

▶

Ubuntu

firefox vulnerabilities↗2006-09-23

▶

Ubuntu

Thunderbird vulnerabilities↗2006-09-22

▶

💬Community

Bugzilla

CVE-2006-4340 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-5462 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-4340 nss needs update↗2006-09-15

▶

Bugzilla

CVE-2006-4340 Various SeaMonkey security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4568 CVE-2006-4570 CVE-2006-4571)↗2006-09-14

▶

Bugzilla

CVE-2006-4340 Various Firefox security issues (CVE-2006-4253 CVE-2006-4565 CVE-2006-4566 CVE-2006-4567 CVE-2006-4568 CVE-2006-4569 CVE-2006-4571)↗2006-09-14

▶