CVE-2006-5462 : Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Published 2006-11-08 21:07:00

Updated 2025-04-09 00:30:58

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2006-5462

Mozilla » Firefox » Version: 1.5.0.1
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5 Update Beta1
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5 Update Beta2
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.2
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.3
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.4
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.5
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.6
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 1.5.0.7
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5 Update Beta2
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5
cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.1
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.4
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.2
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.3
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.6
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 1.5.0.7
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Network Security Services » Version: 3.11.3
cpe:2.3:a:mozilla:network_security_services:3.11.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Update Beta
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.4
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Alpha Edition
cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 DEV Edition
cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-5462

EPSS FAQ

12.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-5462

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

References for CVE-2006-5462

http://secunia.com/advisories/22722

About Secunia Research | Flexera
Patch;Vendor Advisory

CVEs referencing this url
http://securitytracker.com/id?1017181

Access Denied
http://www.ubuntu.com/usn/usn-382-1

USN-382-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://secunia.com/advisories/22763

About Secunia Research | Flexera

CVEs referencing this url
http://securitytracker.com/id?1017182

Access Denied
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205

Mandriva

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/4387

Site en construction

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200612-08.xml

SeaMonkey: Multiple vulnerabilities (GLSA 200612-08) — Gentoo security

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1224

[SECURITY] [DSA 1224-1] New Mozilla packages fix several vulnerabilities

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/0293

Site en construction

CVEs referencing this url
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P

CVEs referencing this url
http://support.avaya.com/elmodocs2/security/ASA-2006-246.htm

ASA-2006-246 (RHSA-2006-0733)

CVEs referencing this url
http://secunia.com/advisories/23197

About Secunia Research | Flexera

CVEs referencing this url
http://www.ubuntu.com/usn/usn-381-1

USN-381-1: Firefox vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0083

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2006-0734.html

RHSA-2006:0734 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://secunia.com/advisories/22066

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/22817

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/23009

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/23013

About Secunia Research | Flexera

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478

404 Not Found
http://secunia.com/advisories/22770

About Secunia Research | Flexera
Patch;Vendor Advisory

CVEs referencing this url
http://secunia.com/advisories/23287

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/23235

About Secunia Research | Flexera

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2006-0733.html

RHSA-2006:0733 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html

RSA Signature Forgery (variant) — Mozilla
Patch

CVEs referencing this url
http://www.kb.cert.org/vuls/id/335392

VU#335392 - The Mozilla Network Security Services library fails to properly verify RSA signatures
Patch;US Government Resource
http://secunia.com/advisories/24711

About Secunia Research | Flexera

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1225

[SECURITY] [DSA 1225-1] New Mozilla Firefox packages fix several vulnerabilities

CVEs referencing this url
http://www.debian.org/security/2006/dsa-1227

[SECURITY] [DSA 1227-1] New Mozilla Thunderbird packages fix several vulnerabilities

CVEs referencing this url
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html

RSA Signature Forgery — Mozilla
Patch

CVEs referencing this url
http://securitytracker.com/id?1017180

Access Denied
http://security.gentoo.org/glsa/glsa-200612-06.xml

Mozilla Thunderbird: Multiple vulnerabilities (GLSA 200612-06) — Gentoo security

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-200612-07.xml

Mozilla Firefox: Multiple vulnerabilities (GLSA 200612-07) — Gentoo security

CVEs referencing this url
http://www.vupen.com/english/advisories/2006/3748

Site en construction

CVEs referencing this url
http://secunia.com/advisories/22727

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/23263

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/22815

About Secunia Research | Flexera

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA06-312A.html

Page Not Found | CISA
Patch;US Government Resource

CVEs referencing this url
http://secunia.com/advisories/23297

About Secunia Research | Flexera

CVEs referencing this url
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html

404 Page Not Found | SUSE

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206

Mandriva

CVEs referencing this url
http://secunia.com/advisories/22980

About Secunia Research | Flexera

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/1198

Site en construction

CVEs referencing this url
http://secunia.com/advisories/23202

About Secunia Research | Flexera

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2006-0735.html

RHSA-2006:0735 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
http://secunia.com/advisories/22929

About Secunia Research | Flexera

CVEs referencing this url
http://secunia.com/advisories/22965

About Secunia Research | Flexera

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098

Mozilla Network Security Services RSA signature validation security bypass CVE-2006-5462 Vulnerability Report

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=356215

356215 - FF1507 RSA signature forgery: unchecked padding length (CVE-2006-5462)
Patch
http://secunia.com/advisories/23883

About Secunia Research | Flexera

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1

CVEs referencing this url
http://secunia.com/advisories/22737

About Secunia Research | Flexera

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2006-5462

Products affected by CVE-2006-5462

Exploit prediction scoring system (EPSS) score for CVE-2006-5462

CVSS scores for CVE-2006-5462

References for CVE-2006-5462