English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2006-4340
Description:Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.
Test IDs: 1.3.6.1.4.1.25623.1.0.57485   1.3.6.1.4.1.25623.1.0.59379   1.3.6.1.4.1.25623.1.0.57486   1.3.6.1.4.1.25623.1.0.57583  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2006-4340
1016858
http://securitytracker.com/id?1016858
1016859
http://securitytracker.com/id?1016859
1016860
http://securitytracker.com/id?1016860
102648
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
102781
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
20060915 rPSA-2006-0169-1 firefox thunderbird
http://www.securityfocus.com/archive/1/446140/100/0/threaded
21903
http://secunia.com/advisories/21903
21906
http://secunia.com/advisories/21906
21915
http://secunia.com/advisories/21915
21916
http://secunia.com/advisories/21916
21939
http://secunia.com/advisories/21939
21940
http://secunia.com/advisories/21940
21949
http://secunia.com/advisories/21949
21950
http://secunia.com/advisories/21950
22001
http://secunia.com/advisories/22001
22025
http://secunia.com/advisories/22025
22036
http://secunia.com/advisories/22036
22044
http://secunia.com/advisories/22044
22055
http://secunia.com/advisories/22055
22056
http://secunia.com/advisories/22056
22066
http://secunia.com/advisories/22066
22074
http://secunia.com/advisories/22074
22088
http://secunia.com/advisories/22088
22195
http://secunia.com/advisories/22195
22210
http://secunia.com/advisories/22210
22226
http://secunia.com/advisories/22226
22247
http://secunia.com/advisories/22247
22274
http://secunia.com/advisories/22274
22299
http://secunia.com/advisories/22299
22342
http://secunia.com/advisories/22342
22422
http://secunia.com/advisories/22422
22446
http://secunia.com/advisories/22446
22849
http://secunia.com/advisories/22849
22992
http://secunia.com/advisories/22992
23883
http://secunia.com/advisories/23883
24711
http://secunia.com/advisories/24711
ADV-2006-3617
http://www.vupen.com/english/advisories/2006/3617
ADV-2006-3622
http://www.vupen.com/english/advisories/2006/3622
ADV-2006-3748
http://www.vupen.com/english/advisories/2006/3748
ADV-2006-3899
http://www.vupen.com/english/advisories/2006/3899
ADV-2007-0293
http://www.vupen.com/english/advisories/2007/0293
ADV-2007-1198
http://www.vupen.com/english/advisories/2007/1198
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
DSA-1191
http://www.us.debian.org/security/2006/dsa-1191
DSA-1192
http://www.debian.org/security/2006/dsa-1192
DSA-1210
http://www.debian.org/security/2006/dsa-1210
GLSA-200609-19
http://security.gentoo.org/glsa/glsa-200609-19.xml
GLSA-200610-01
http://security.gentoo.org/glsa/glsa-200610-01.xml
GLSA-200610-06
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
MDKSA-2006:168
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
MDKSA-2006:169
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
RHSA-2006:0675
http://www.redhat.com/support/errata/RHSA-2006-0675.html
RHSA-2006:0676
http://www.redhat.com/support/errata/RHSA-2006-0676.html
RHSA-2006:0677
http://www.redhat.com/support/errata/RHSA-2006-0677.html
SSRT061181
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
SUSE-SA:2006:054
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
SUSE-SA:2006:055
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
TA06-312A
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
USN-350-1
http://www.ubuntu.com/usn/usn-350-1
USN-351-1
http://www.ubuntu.com/usn/usn-351-1
USN-352-1
http://www.ubuntu.com/usn/usn-352-1
USN-354-1
http://www.ubuntu.com/usn/usn-354-1
USN-361-1
http://www.ubuntu.com/usn/usn-361-1
[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
https://issues.rpath.com/browse/RPL-640
https://issues.rpath.com/browse/RPL-640
mozilla-nss-security-bypass(30098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
oval:org.mitre.oval:def:11007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007



© 1998-2025 E-Soft Inc. All rights reserved.