
CVE-2006-5462

Status Candidate

Overview

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.

Related Files

Debian Linux Security Advisory 1227-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1227-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, debian
advisories | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748
MD5 | 394551b0027ce326ff0e261531693734

Debian Linux Security Advisory 1225-2
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1225-2 - This update covers packages for the little endian MIPS architecture missing in the original advisory. Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, debian
advisories | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748
MD5 | 39b737348c09eed1cc90af5d17adf9eb

Debian Linux Security Advisory 1225-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1225-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, debian
advisories | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748
MD5 | 49657524c6239d50cb48b45b9a11f3fe

Debian Linux Security Advisory 1224-1
Posted Dec 6, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1224-1 - Several security related problems have been discovered in Mozilla and derived products. It was discovered that malformed FTP server responses could lead to denial of service. It was discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.

tags | advisory, denial of service, arbitrary, javascript
systems | linux, debian
advisories | CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748
MD5 | 9142a11b12b30cdb9295f5a37476a982

Ubuntu Security Notice 382-1
Posted Nov 22, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 382-1 - USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748
MD5 | 521f19287302bd9e6b41cffda2f5f7d1

Ubuntu Security Notice 381-1
Posted Nov 22, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 381-1 - USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748
MD5 | 0f560f6f914a8eceb4ade850d5c7feb8

Mandriva Linux Security Advisory 2006.206
Posted Nov 13, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-206 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.8.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748
MD5 | e185d43e44a3d0d59472a916814d2c9d

Mandriva Linux Security Advisory 2006.205
Posted Nov 13, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-205 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.8.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748
MD5 | 0808cf1417535758c32ef244418dde91
© 2019 Packet Storm. All rights reserved.