Ulrich Kuehn

**Name of the Vulnerable Software and Affected Versions** Mozilla Network Security Service (NSS) library versions prior to 3.11.3 Mozilla Firefox versions prior to 1.5.0.8 Thunderbird versions prior to 1.5.0.8 SeaMonkey versions prior to 1.0.6 **Description** The issue allows remote attackers to forge signatures for SSL/TLS and email certificates when using an RSA key with exponent 3, due to improper handling of extra data in a signature. **Recommendations** For Mozilla Network Security Service (NSS) library versions prior to 3.11.3, update to version 3.11.3 or later. For Mozilla Firefox versions prior to 1.5.0.8, update to version 1.5.0.8 or later. For Thunderbird versions prior to 1.5.0.8, update to version 1.5.0.8 or later. For SeaMonkey versions prior to 1.0.6, update to version 1.0.6 or later.