{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2006-4340","title":"Title"},{"category":"description","text":"Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.  NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2006-4340","url":"https://www.suse.com/security/cve/CVE-2006-4340"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 203781 for CVE-2006-4340","url":"https://bugzilla.suse.com/203781"},{"category":"external","summary":"SUSE Bug 205678 for CVE-2006-4340","url":"https://bugzilla.suse.com/205678"},{"category":"external","summary":"SUSE Bug 214895 for CVE-2006-4340","url":"https://bugzilla.suse.com/214895"},{"category":"external","summary":"Advisory link for SUSE-SA:2006:054","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MLBAOGY75LOJU7F2SA7FVB2MGLENLLFF/#MLBAOGY75LOJU7F2SA7FVB2MGLENLLFF"},{"category":"external","summary":"Advisory link for SUSE-SA:2006:055","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6FPEFKM5GVDB7OIJH4HOUDGCKMJAJFMH/#6FPEFKM5GVDB7OIJH4HOUDGCKMJAJFMH"}],"title":"SUSE CVE CVE-2006-4340","tracking":{"current_release_date":"2025-07-08T00:34:37Z","generator":{"date":"2023-02-15T06:14:26Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2006-4340","initial_release_date":"2023-02-15T06:14:26Z","revision_history":[{"date":"2023-02-15T06:14:26Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:20:09Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:42:01Z","number":"4","summary":"Current version"},{"date":"2025-07-08T00:34:37Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}}}