Mozilla Seamonkey RSA Signatures Can Be Forged
|
|
SecurityTracker Alert ID: 1017180
|
|
SecurityTracker URL: http://securitytracker.com/id?1017180
|
|
CVE Reference: CVE-2006-5462
(Links to External Site)
|
Date: Nov 8 2006
|
Impact: Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Mozilla Foundation Security Advisory
|
Version(s): 1.0.5
|
Description: A vulnerability was reported in Mozilla Seamonkey. A remote user may be able to forge certain digital signatures.
If an RSA key with exponent 3 is used, a remote user may be able to forge a PKCS #1 v1.5 signature for that key.
Seamonkey 1.0.5
was incompletely patched against this vulnerability and is vulnerable to a variant of this attack.
Ulrich Kuehn reported this
vulnerability.
|
Impact: A remote user may be able to forge signatures (and certificates).
|
Solution: The vendor has issued a fixed version (1.0.6).
The Mozilla advisory is available at:
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
|
Vendor URL: www.mozilla.org/security/announce/2006/mfsa2006-66.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 7 Nov 2006 20:44:57 -0500
Subject: Firefox, Thunderbird, SeaMonkey vulnerabilities
|
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
CVE-2006-5462
|
|
