ID CVE-2006-6499
Summary The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.1:alpha1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.1:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.1:alpha2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.1:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 22-12-2023 - 18:49)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 21668
cert TA06-354A
cert-vn VU#427972
confirm http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
debian
  • DSA-1253
  • DSA-1258
  • DSA-1265
gentoo
  • GLSA-200701-02
  • GLSA-200701-04
hp
  • HPSBUX02153
  • SSRT061181
sectrack
  • 1017398
  • 1017405
  • 1017406
secunia
  • 23282
  • 23420
  • 23422
  • 23545
  • 23589
  • 23591
  • 23614
  • 23672
  • 23692
  • 23988
  • 24078
  • 24390
sunalert 102846
suse
  • SUSE-SA:2006:080
  • SUSE-SA:2007:006
ubuntu
  • USN-398-1
  • USN-398-2
  • USN-400-1
vupen
  • ADV-2006-5068
  • ADV-2007-1124
  • ADV-2008-0083
Last major update 22-12-2023 - 18:49
Published 20-12-2006 - 01:28
Last modified 22-12-2023 - 18:49
Back to Top