Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-6499

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Published

2006-12-20T01:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-835

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 1.5.0.9	Yes
Application	mozilla	firefox	< 2.0.0.1	Yes
Application	mozilla	seamonkey	< 1.0.7	Yes
Application	mozilla	thunderbird	< 1.5.0.9	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	canonical	ubuntu_linux	5.10	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link ([email protected])
http://secunia.com/advisories/23282 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23420 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23422 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23545 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23589 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23591 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23614 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23672 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23692 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/23988 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/24078 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/24390 Broken Link, Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200701-02.xml Broken Link, Third Party Advisory ([email protected])
http://securitytracker.com/id?1017398 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://securitytracker.com/id?1017405 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://securitytracker.com/id?1017406 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1 Broken Link ([email protected])
http://www.debian.org/security/2007/dsa-1253 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1258 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1265 Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml Third Party Advisory ([email protected])
http://www.kb.cert.org/vuls/id/427972 Third Party Advisory, US Government Resource ([email protected])
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html Vendor Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html Broken Link ([email protected])
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html Broken Link ([email protected])
http://www.securityfocus.com/bid/21668 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-398-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-398-2 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-400-1 Third Party Advisory ([email protected])
http://www.us-cert.gov/cas/techalerts/TA06-354A.html Broken Link, Third Party Advisory, US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2006/5068 Broken Link, Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/1124 Broken Link, Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0083 Broken Link, Third Party Advisory ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23282 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23420 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23422 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23545 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23589 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23591 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23614 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23672 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23692 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23988 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24078 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24390 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200701-02.xml Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017398 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017405 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017406 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1253 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1258 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1265 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/427972 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/21668 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-398-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-398-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-400-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA06-354A.html Broken Link, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/5068 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/1124 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0083 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)