Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 220.127.116.11, Thunderbird before 18.104.22.168, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 22.214.171.124 are covered by CVE-2006-5462.