CVE-2006-6499
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
88.9%
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | seamonkey | * | cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* |
| mozilla | thunderbird | * | cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* |
| debian | debian_linux | 3.1 | cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* |
| debian | debian_linux | 4.0 | cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 5.10 | cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 6.10 | cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* |
References
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
secunia.com/advisories/23282
secunia.com/advisories/23420
secunia.com/advisories/23422
secunia.com/advisories/23545
secunia.com/advisories/23589
secunia.com/advisories/23591
secunia.com/advisories/23614
secunia.com/advisories/23672
secunia.com/advisories/23692
secunia.com/advisories/23988
secunia.com/advisories/24078
secunia.com/advisories/24390
security.gentoo.org/glsa/glsa-200701-02.xml
securitytracker.com/id?1017398
securitytracker.com/id?1017405
securitytracker.com/id?1017406
sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
www.debian.org/security/2007/dsa-1253
www.debian.org/security/2007/dsa-1258
www.debian.org/security/2007/dsa-1265
www.gentoo.org/security/en/glsa/glsa-200701-04.xml
www.kb.cert.org/vuls/id/427972
www.mozilla.org/security/announce/2006/mfsa2006-68.html
www.novell.com/linux/security/advisories/2006_80_mozilla.html
www.novell.com/linux/security/advisories/2007_06_mozilla.html
www.securityfocus.com/bid/21668
www.ubuntu.com/usn/usn-398-1
www.ubuntu.com/usn/usn-398-2
www.ubuntu.com/usn/usn-400-1
www.us-cert.gov/cas/techalerts/TA06-354A.html
www.vupen.com/english/advisories/2006/5068
www.vupen.com/english/advisories/2007/1124
www.vupen.com/english/advisories/2008/0083
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
88.9%