Unrated severityNVD Advisory· Published Sep 15, 2006· Updated Apr 16, 2026

CVE-2006-4340

Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <=1.5.0.6
Mozilla Corporation/Network Security Services
cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*
Range: <=3.11.2
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <=1.0.4
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <=1.5.0.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21906nvdPatchVendor Advisory
secunia.com/advisories/21949nvdPatchVendor Advisory
www.redhat.com/support/errata/RHSA-2006-0676.htmlnvdPatchVendor Advisory
www.redhat.com/support/errata/RHSA-2006-0677.htmlnvdPatchVendor Advisory
secunia.com/advisories/21903nvdVendor Advisory
secunia.com/advisories/21915nvdVendor Advisory
secunia.com/advisories/21916nvdVendor Advisory
secunia.com/advisories/21939nvdVendor Advisory
secunia.com/advisories/21940nvdVendor Advisory
secunia.com/advisories/21950nvdVendor Advisory
secunia.com/advisories/22001nvdVendor Advisory
secunia.com/advisories/22025nvdVendor Advisory
secunia.com/advisories/22036nvdVendor Advisory
secunia.com/advisories/22055nvdVendor Advisory
secunia.com/advisories/22074nvdVendor Advisory
secunia.com/advisories/22088nvdVendor Advisory
secunia.com/advisories/22210nvdVendor Advisory
secunia.com/advisories/22226nvdVendor Advisory
secunia.com/advisories/22247nvdVendor Advisory
secunia.com/advisories/22274nvdVendor Advisory
secunia.com/advisories/22299nvdVendor Advisory
secunia.com/advisories/22342nvdVendor Advisory
secunia.com/advisories/22422nvdVendor Advisory
secunia.com/advisories/22446nvdVendor Advisory
www.redhat.com/support/errata/RHSA-2006-0675.htmlnvdVendor Advisory
www.us-cert.gov/cas/techalerts/TA06-312A.htmlnvdUS Government Resource
patches.sgi.com/support/free/security/advisories/20060901-01-P.ascnvd
secunia.com/advisories/22044nvd
secunia.com/advisories/22056nvd
secunia.com/advisories/22066nvd
secunia.com/advisories/22195nvd
secunia.com/advisories/22849nvd
secunia.com/advisories/22992nvd
secunia.com/advisories/23883nvd
secunia.com/advisories/24711nvd
security.gentoo.org/glsa/glsa-200609-19.xmlnvd
security.gentoo.org/glsa/glsa-200610-01.xmlnvd
securitytracker.com/idnvd
securitytracker.com/idnvd
securitytracker.com/idnvd
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
support.avaya.com/elmodocs2/security/ASA-2006-224.htmnvd
support.avaya.com/elmodocs2/security/ASA-2006-250.htmnvd
www.debian.org/security/2006/dsa-1192nvd
www.debian.org/security/2006/dsa-1210nvd
www.gentoo.org/security/en/glsa/glsa-200610-06.xmlnvd
www.imc.org/ietf-openpgp/mail-archive/msg14307.htmlnvd
www.mandriva.com/security/advisoriesnvd
www.mandriva.com/security/advisoriesnvd
www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/nvd
www.mozilla.org/security/announce/2006/mfsa2006-60.htmlnvd
www.mozilla.org/security/announce/2006/mfsa2006-66.htmlnvd
www.novell.com/linux/security/advisories/2006_54_mozilla.htmlnvd
www.novell.com/linux/security/advisories/2006_55_ssl.htmlnvd
www.securityfocus.com/archive/1/446140/100/0/threadednvd
www.ubuntu.com/usn/usn-350-1nvd
www.ubuntu.com/usn/usn-351-1nvd
www.ubuntu.com/usn/usn-352-1nvd
www.ubuntu.com/usn/usn-354-1nvd
www.ubuntu.com/usn/usn-361-1nvd
www.us.debian.org/security/2006/dsa-1191nvd
www.vupen.com/english/advisories/2006/3617nvd
www.vupen.com/english/advisories/2006/3622nvd
www.vupen.com/english/advisories/2006/3748nvd
www.vupen.com/english/advisories/2006/3899nvd
www.vupen.com/english/advisories/2007/0293nvd
www.vupen.com/english/advisories/2007/1198nvd
www.vupen.com/english/advisories/2008/0083nvd
www1.itrc.hp.com/service/cki/docDisplay.donvd
exchange.xforce.ibmcloud.com/vulnerabilities/30098nvd
issues.rpath.com/browse/RPL-640nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000