1. Home
  2. CVE Database
  3. CVE-2006-5462
MEDIUM · 6.4

CVE-2006-5462

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, ...

Vulnerability Description

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:P/A:N
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
MozillaFirefox1.5
MozillaNetwork Security Services3.11.3
MozillaSeamonkey1.0
MozillaThunderbird1.5

References

FAQ

What is CVE-2006-5462?

CVE-2006-5462 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, ...

How severe is CVE-2006-5462?

CVE-2006-5462 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-5462?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Network Security Services, Mozilla Seamonkey, Mozilla Thunderbird.