Home > Vulnerability Database > CVE-2006-6499

Mend.io Vulnerability Database

CVE-2006-6499

Date: December 19, 2006

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Severity Score

3.7

Related Resources (37)

Url: http://www.kb.cert.org/vuls/id/427972

Url: http://secunia.com/advisories/23282

Url: http://secunia.com/advisories/24390

Url: http://www.debian.org/security/2007/dsa-1265

Url: http://www.vupen.com/english/advisories/2007/1124

Url: http://securitytracker.com/id?1017405

Url: http://securitytracker.com/id?1017406

Url: http://www.novell.com/linux/security/advisories/2007_06_mozilla.html

Url: http://www.securityfocus.com/bid/21668

Url: http://www.vupen.com/english/advisories/2008/0083

Url: http://securitytracker.com/id?1017398

Url: http://secunia.com/advisories/23614

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-6499

Url: http://www.us-cert.gov/cas/techalerts/TA06-354A.html

Url: http://secunia.com/advisories/23591

Url: http://www.ubuntu.com/usn/usn-400-1

Url: http://secunia.com/advisories/23692

Url: http://secunia.com/advisories/23672

Url: http://www.novell.com/linux/security/advisories/2006_80_mozilla.html

Url: http://www.mozilla.org/security/announce/2006/mfsa2006-68.html

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-6499

Url: http://www.vupen.com/english/advisories/2006/5068

Url: http://www.debian.org/security/2007/dsa-1258

Url: http://www.debian.org/security/2007/dsa-1253

Url: http://www.ubuntu.com/usn/usn-398-1

Url: http://www.ubuntu.com/usn/usn-398-2

Url: http://secunia.com/advisories/23545

Url: http://secunia.com/advisories/23589

Url: http://secunia.com/advisories/23988

Url: http://secunia.com/advisories/24078

Url: http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml

Url: http://secunia.com/advisories/23420

Url: http://secunia.com/advisories/23422

Url: http://security.gentoo.org/glsa/glsa-200701-02.xml

Url: https://www.mend.io/vulnerability-database/CVE-2006-6499

Severity Score

3.7

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-6499

Date: December 19, 2006

Severity Score

Related Resources (37)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?