SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Mozilla Seamonkey Vendors:   Mozilla.org
(Sun Issues Fix) Mozilla Seamonkey RSA Signatures Can Be Forged
SecurityTracker Alert ID:  1017544
SecurityTracker URL:  http://securitytracker.com/id/1017544
CVE Reference:   CVE-2006-5462   (Links to External Site)
Date:  Jan 23 2007
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0.5
Description:   A vulnerability was reported in Mozilla Seamonkey. A remote user may be able to forge certain digital signatures.

If an RSA key with exponent 3 is used, a remote user may be able to forge a PKCS #1 v1.5 signature for that key.

Seamonkey 1.0.5 was incompletely patched against this vulnerability and is vulnerable to a variant of this attack.

Ulrich Kuehn reported this vulnerability.

Impact:   A remote user may be able to forge signatures (and certificates).
Solution:   Sun has issued a fix.

SPARC Platform

* Solaris 10 with patch 119115-22 or later

x86 Platform

* Solaris 10 with patch 119116-22 or later

A final resolution for Solaris 8 and 9 is pending.

The Sun advisory is available at:

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1

Vendor URL:  www.mozilla.org/security/announce/2006/mfsa2006-66.html (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (Solaris - SunOS)
Underlying OS Comments:  8, 9, 10

Message History:   This archive entry is a follow-up to the message listed below.
Nov 8 2006 Mozilla Seamonkey RSA Signatures Can Be Forged



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC