CVE-2006-4340 — MEDIUM (4.0)

Q: How severe is CVE-2006-4340?

CVE-2006-4340 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-4340?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Network Security Services, Mozilla Seamonkey, Mozilla Thunderbird.

Vulnerability Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.

CVSS Score

4.0

MEDIUM

AV:N/AC:H/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	<= 1.5.0.6
Mozilla	Network Security Services	<= 3.11.2
Mozilla	Seamonkey	<= 1.0.4
Mozilla	Thunderbird	<= 1.5.0.6

Related Weaknesses (CWE)

CWE-20

References

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://secunia.com/advisories/21903Vendor Advisory
http://secunia.com/advisories/21906PatchVendor Advisory
http://secunia.com/advisories/21915Vendor Advisory
http://secunia.com/advisories/21916Vendor Advisory
http://secunia.com/advisories/21939Vendor Advisory
http://secunia.com/advisories/21940Vendor Advisory
http://secunia.com/advisories/21949PatchVendor Advisory
http://secunia.com/advisories/21950Vendor Advisory
http://secunia.com/advisories/22001Vendor Advisory
http://secunia.com/advisories/22025Vendor Advisory
http://secunia.com/advisories/22036Vendor Advisory
http://secunia.com/advisories/22044
http://secunia.com/advisories/22055Vendor Advisory
http://secunia.com/advisories/22056

FAQ

What is CVE-2006-4340?

CVE-2006-4340 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, ...

How severe is CVE-2006-4340?

CVE-2006-4340 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-4340?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Network Security Services, Mozilla Seamonkey, Mozilla Thunderbird.