Unrated severityNVD Advisory· Published Nov 8, 2006· Updated Jun 16, 2026
CVE-2006-5462
CVE-2006-5462
Description
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
- (no CPE)range: < 1.5.0.8
- cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
- (no CPE)range: < 1.5.0.8
- Range: < 3.11.3
Patches
Vulnerability mechanics
References
54- secunia.com/advisories/22722nvdPatchVendor Advisory
- secunia.com/advisories/22770nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/335392nvdPatchUS Government Resource
- www.mozilla.org/security/announce/2006/mfsa2006-60.htmlnvdPatch
- www.mozilla.org/security/announce/2006/mfsa2006-66.htmlnvdPatch
- www.us-cert.gov/cas/techalerts/TA06-312A.htmlnvdPatchUS Government Resource
- bugzilla.mozilla.org/show_bug.cginvdPatch
- patches.sgi.com/support/free/security/advisories/20061101-01-Pnvd
- rhn.redhat.com/errata/RHSA-2006-0733.htmlnvd
- rhn.redhat.com/errata/RHSA-2006-0734.htmlnvd
- rhn.redhat.com/errata/RHSA-2006-0735.htmlnvd
- secunia.com/advisories/22066nvd
- secunia.com/advisories/22727nvd
- secunia.com/advisories/22737nvd
- secunia.com/advisories/22763nvd
- secunia.com/advisories/22815nvd
- secunia.com/advisories/22817nvd
- secunia.com/advisories/22929nvd
- secunia.com/advisories/22965nvd
- secunia.com/advisories/22980nvd
- secunia.com/advisories/23009nvd
- secunia.com/advisories/23013nvd
- secunia.com/advisories/23197nvd
- secunia.com/advisories/23202nvd
- secunia.com/advisories/23235nvd
- secunia.com/advisories/23263nvd
- secunia.com/advisories/23287nvd
- secunia.com/advisories/23297nvd
- secunia.com/advisories/23883nvd
- secunia.com/advisories/24711nvd
- security.gentoo.org/glsa/glsa-200612-06.xmlnvd
- security.gentoo.org/glsa/glsa-200612-07.xmlnvd
- security.gentoo.org/glsa/glsa-200612-08.xmlnvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- sunsolve.sun.com/search/document.donvd
- support.avaya.com/elmodocs2/security/ASA-2006-246.htmnvd
- www.debian.org/security/2006/dsa-1224nvd
- www.debian.org/security/2006/dsa-1225nvd
- www.debian.org/security/2006/dsa-1227nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2006_68_mozilla.htmlnvd
- www.ubuntu.com/usn/usn-381-1nvd
- www.ubuntu.com/usn/usn-382-1nvd
- www.vupen.com/english/advisories/2006/3748nvd
- www.vupen.com/english/advisories/2006/4387nvd
- www.vupen.com/english/advisories/2007/0293nvd
- www.vupen.com/english/advisories/2007/1198nvd
- www.vupen.com/english/advisories/2008/0083nvd
- www1.itrc.hp.com/service/cki/docDisplay.donvd
- exchange.xforce.ibmcloud.com/vulnerabilities/30098nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478nvd
News mentions
0No linked articles in our index yet.