CVE-2006-6499

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742	Broken Link
http://secunia.com/advisories/23282	Broken Link Third Party Advisory
http://secunia.com/advisories/23420	Broken Link Third Party Advisory
http://secunia.com/advisories/23422	Broken Link Third Party Advisory
http://secunia.com/advisories/23545	Broken Link Third Party Advisory
http://secunia.com/advisories/23589	Broken Link Third Party Advisory
http://secunia.com/advisories/23591	Broken Link Third Party Advisory
http://secunia.com/advisories/23614	Broken Link Third Party Advisory
http://secunia.com/advisories/23672	Broken Link Third Party Advisory
http://secunia.com/advisories/23692	Broken Link Third Party Advisory
http://secunia.com/advisories/23988	Broken Link Third Party Advisory
http://secunia.com/advisories/24078	Broken Link Third Party Advisory
http://secunia.com/advisories/24390	Broken Link Third Party Advisory
http://security.gentoo.org/glsa/glsa-200701-02.xml	Broken Link Third Party Advisory
http://securitytracker.com/id?1017398	Broken Link Third Party Advisory VDB Entry
http://securitytracker.com/id?1017405	Broken Link Third Party Advisory VDB Entry
http://securitytracker.com/id?1017406	Broken Link Third Party Advisory VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1	Broken Link
http://www.debian.org/security/2007/dsa-1253	Third Party Advisory
http://www.debian.org/security/2007/dsa-1258	Third Party Advisory
http://www.debian.org/security/2007/dsa-1265	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml	Third Party Advisory
http://www.kb.cert.org/vuls/id/427972	Third Party Advisory US Government Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html	Broken Link
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html	Broken Link
http://www.securityfocus.com/bid/21668	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-398-1	Third Party Advisory
http://www.ubuntu.com/usn/usn-398-2	Third Party Advisory
http://www.ubuntu.com/usn/usn-400-1	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-354A.html	Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/5068	Broken Link Third Party Advisory
http://www.vupen.com/english/advisories/2007/1124	Broken Link Third Party Advisory
http://www.vupen.com/english/advisories/2008/0083	Broken Link Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*

History

22 Dec 2023, 18:49

Type	Values Removed	Values Added
CWE	~~NVD-CWE-Other~~	CWE-835
References	~~() http://secunia.com/advisories/23282 - Third Party Advisory~~	() http://secunia.com/advisories/23282 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23420 - Third Party Advisory~~	() http://secunia.com/advisories/23420 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23422 - Third Party Advisory~~	() http://secunia.com/advisories/23422 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23545 - Third Party Advisory~~	() http://secunia.com/advisories/23545 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23589 - Third Party Advisory~~	() http://secunia.com/advisories/23589 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23591 - Third Party Advisory~~	() http://secunia.com/advisories/23591 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23614 - Third Party Advisory~~	() http://secunia.com/advisories/23614 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23672 - Third Party Advisory~~	() http://secunia.com/advisories/23672 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23692 - Third Party Advisory~~	() http://secunia.com/advisories/23692 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/23988 - Third Party Advisory~~	() http://secunia.com/advisories/23988 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/24078 - Third Party Advisory~~	() http://secunia.com/advisories/24078 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/24390 - Third Party Advisory~~	() http://secunia.com/advisories/24390 - Broken Link, Third Party Advisory
References	~~() http://security.gentoo.org/glsa/glsa-200701-02.xml - Third Party Advisory~~	() http://security.gentoo.org/glsa/glsa-200701-02.xml - Broken Link, Third Party Advisory
References	~~() http://securitytracker.com/id?1017398 - Third Party Advisory, VDB Entry~~	() http://securitytracker.com/id?1017398 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://securitytracker.com/id?1017405 - Third Party Advisory, VDB Entry~~	() http://securitytracker.com/id?1017405 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://securitytracker.com/id?1017406 - Third Party Advisory, VDB Entry~~	() http://securitytracker.com/id?1017406 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securityfocus.com/bid/21668 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/21668 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.us-cert.gov/cas/techalerts/TA06-354A.html - Third Party Advisory, US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA06-354A.html - Broken Link, Third Party Advisory, US Government Resource
References	~~() http://www.vupen.com/english/advisories/2006/5068 - Third Party Advisory~~	() http://www.vupen.com/english/advisories/2006/5068 - Broken Link, Third Party Advisory
References	~~() http://www.vupen.com/english/advisories/2007/1124 - Third Party Advisory~~	() http://www.vupen.com/english/advisories/2007/1124 - Broken Link, Third Party Advisory
References	~~() http://www.vupen.com/english/advisories/2008/0083 - Third Party Advisory~~	() http://www.vupen.com/english/advisories/2008/0083 - Broken Link, Third Party Advisory

Information

Published : 2006-12-20 01:28

Updated : 2023-12-22 18:49

NVD link : CVE-2006-6499

Mitre link : CVE-2006-6499

CVE.ORG link : CVE-2006-6499

JSON object : View

Products Affected

mozilla

thunderbird
seamonkey
firefox

canonical

ubuntu_linux

debian

debian_linux

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

4.3 /10