CVE-2006-5462 in Mozilla Firefoxinfo

Summary

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

10/23/2006

Disclosure

11/08/2006

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
2666	Mozilla Firefox XML.prototype.hasOwnProperty Remote Code Execution		Proof-of-Concept	Official fix	CVE-2006-5462
2664	Mozilla Firefox Javascript Script Modificator		Proof-of-Concept	Official fix	CVE-2006-5462

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!