CVE-2006-5462 — Acceptance of Extraneous Untrusted Data With Trusted Data in Mozilla Firefox

CWE-349 — Acceptance of Extraneous Untrusted Data With Trusted Data15 documents9 sources

Severity

6.4MEDIUMNVD

CNA4.0OSV4.0

EPSS

12.8%

top 5.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Network Security Services Mozilla Seamonkey +1 more

Timeline

PublishedNov 8

Latest updateMay 3

Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages4 packages

▶NVDmozilla/network_security_services3.11.3

▶NVDmozilla/firefox8 versions+7

▶NVDmozilla/seamonkey6 versions+5

▶NVDmozilla/thunderbird7 versions+6

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-rmhr-q7w5-3ffq: Mozilla Network Security Service (NSS) library before 3↗2022-05-03

▶

OSV

CVE-2006-5462: Mozilla Network Security Service (NSS) library before 3↗2006-11-08

▶

CVEList

CVE-2006-5462: Mozilla Network Security Service (NSS) library before 3↗2006-11-08

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2006-11-21

▶

Ubuntu

Thunderbird vulnerabilities↗2006-11-21

▶

Red Hat

security flaw↗2006-11-08

▶

Red Hat

security flaw↗2006-09-15

▶

Debian

CVE-2006-5462: firefox - Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla...↗2006

▶

📐Framework References

CWE

Acceptance of Extraneous Untrusted Data With Trusted Data

▶

💬Community

Bugzilla

CVE-2006-5462 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-4340 security flaw↗2018-08-16

▶

Bugzilla

CVE-2006-5462 Multiple thunderbird vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)↗2006-11-07

▶

Bugzilla

CVE-2006-5462 Multiple firefox vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)↗2006-11-07

▶

Bugzilla

CVE-2006-5462 Multiple seamonkey vulnerabilities (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)↗2006-11-07

▶