Unrated severityNVD Advisory· Published Nov 8, 2006· Updated Apr 23, 2026
CVE-2006-5462
CVE-2006-5462
Description
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
Affected products
28cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
54- secunia.com/advisories/22722nvdPatchVendor Advisory
- secunia.com/advisories/22770nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/335392nvdPatchUS Government Resource
- www.mozilla.org/security/announce/2006/mfsa2006-60.htmlnvdPatch
- www.mozilla.org/security/announce/2006/mfsa2006-66.htmlnvdPatch
- www.us-cert.gov/cas/techalerts/TA06-312A.htmlnvdPatchUS Government Resource
- bugzilla.mozilla.org/show_bug.cginvdPatch
- patches.sgi.com/support/free/security/advisories/20061101-01-Pnvd
- rhn.redhat.com/errata/RHSA-2006-0733.htmlnvd
- rhn.redhat.com/errata/RHSA-2006-0734.htmlnvd
- rhn.redhat.com/errata/RHSA-2006-0735.htmlnvd
- secunia.com/advisories/22066nvd
- secunia.com/advisories/22727nvd
- secunia.com/advisories/22737nvd
- secunia.com/advisories/22763nvd
- secunia.com/advisories/22815nvd
- secunia.com/advisories/22817nvd
- secunia.com/advisories/22929nvd
- secunia.com/advisories/22965nvd
- secunia.com/advisories/22980nvd
- secunia.com/advisories/23009nvd
- secunia.com/advisories/23013nvd
- secunia.com/advisories/23197nvd
- secunia.com/advisories/23202nvd
- secunia.com/advisories/23235nvd
- secunia.com/advisories/23263nvd
- secunia.com/advisories/23287nvd
- secunia.com/advisories/23297nvd
- secunia.com/advisories/23883nvd
- secunia.com/advisories/24711nvd
- security.gentoo.org/glsa/glsa-200612-06.xmlnvd
- security.gentoo.org/glsa/glsa-200612-07.xmlnvd
- security.gentoo.org/glsa/glsa-200612-08.xmlnvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- sunsolve.sun.com/search/document.donvd
- support.avaya.com/elmodocs2/security/ASA-2006-246.htmnvd
- www.debian.org/security/2006/dsa-1224nvd
- www.debian.org/security/2006/dsa-1225nvd
- www.debian.org/security/2006/dsa-1227nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2006_68_mozilla.htmlnvd
- www.ubuntu.com/usn/usn-381-1nvd
- www.ubuntu.com/usn/usn-382-1nvd
- www.vupen.com/english/advisories/2006/3748nvd
- www.vupen.com/english/advisories/2006/4387nvd
- www.vupen.com/english/advisories/2007/0293nvd
- www.vupen.com/english/advisories/2007/1198nvd
- www.vupen.com/english/advisories/2008/0083nvd
- www1.itrc.hp.com/service/cki/docDisplay.donvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30098nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478nvd
News mentions
0No linked articles in our index yet.