CVE-2006-5462 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-5462 Interim 1 5 2024-09-08T01:36:44Z current 2021-05-30T12:36:57Z 2024-09-08T01:36:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-5462 Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E5BYURQCCFLH6SEXWWNG5VHH2BHYJR2C/#E5BYURQCCFLH6SEXWWNG5VHH2BHYJR2C E-Mail link for SUSE-SA:2006:068 https://www.suse.com/support/security/rating/ SUSE Security Ratings Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. CVE-2006-5462 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N