CVE-2006-4340

Priority
Description
Mozilla Network Security Service (NSS) library before 3.11.3, as used in
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey
before 1.0.5, when using an RSA key with exponent 3, does not properly
handle extra data in a signature, which allows remote attackers to forge
signatures for SSL/TLS and email certificates, a similar vulnerability to
CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating
that these versions were not completely patched by MFSA2006-60. The newer
fixes for 1.5.0.7 are covered by CVE-2006-5462.
Notes
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2020-09-09 23:56:06 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)