CVE-2006-6499

Severity

43%

Complexity

86%

Confidentiality

48%

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 18 years ago

2006-12-20 01:28:00

Last updated 5 years ago

2019-10-09 22:51:00

Affected Software

Mozilla Firefox

Mozilla SeaMonkey

Mozilla Thunderbird

Debian Debian Linux 3.1

3.1

Debian GNU/Linux 4.0

4.0

Canonical Ubuntu Linux 5.10

5.10

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 6.10

6.10

References

SSRT061181

Broken Link

23282

Third Party Advisory

23420

Third Party Advisory

23422

Third Party Advisory

23545

Third Party Advisory

23589

Third Party Advisory

23591

Third Party Advisory

23614

Third Party Advisory

23672

Third Party Advisory

23692

Third Party Advisory

23988

Third Party Advisory

24078

Third Party Advisory

24390

Third Party Advisory

GLSA-200701-02

Third Party Advisory

1017398

Third Party Advisory, VDB Entry

1017405

Third Party Advisory, VDB Entry

1017406

Third Party Advisory, VDB Entry

102846

Broken Link

DSA-1253

Third Party Advisory

DSA-1258

Third Party Advisory

DSA-1265

Third Party Advisory

GLSA-200701-04

Third Party Advisory

VU#427972

Third Party Advisory, US Government Resource

http://www.mozilla.org/security/announce/2006/mfsa2006-68.html

Vendor Advisory

SUSE-SA:2006:080

Broken Link

SUSE-SA:2007:006

Broken Link

21668

Third Party Advisory, VDB Entry

USN-398-1

Third Party Advisory

USN-398-2

Third Party Advisory

USN-400-1

Third Party Advisory

TA06-354A

Third Party Advisory, US Government Resource

ADV-2006-5068

Third Party Advisory

ADV-2007-1124

Third Party Advisory

ADV-2008-0083

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.