CVE-2006-6499
First published: Wed Dec 20 2006(Updated: )
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | >=1.5<1.5.0.9 | |
| Firefox | >=2.0<2.0.0.1 | |
| Mozilla SeaMonkey | <1.0.7 | |
| Thunderbird | <1.5.0.9 | |
| Debian Linux | =3.1 | |
| Debian Linux | =4.0 | |
| Ubuntu | =6.06 | |
| Ubuntu | =6.10 | |
| Ubuntu | =5.10 | |
| >=1.5<1.5.0.9 | ||
| >=2.0<2.0.0.1 | ||
| <1.0.7 | ||
| <1.5.0.9 | ||
| =3.1 | ||
| =4.0 | ||
| =5.10 | ||
| =6.06 | ||
| =6.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
- http://securitytracker.com/id?1017398
- http://securitytracker.com/id?1017405
- http://securitytracker.com/id?1017406
- http://www.us-cert.gov/cas/techalerts/TA06-354A.html
- http://www.securityfocus.com/bid/21668
- http://secunia.com/advisories/23282
- http://secunia.com/advisories/23420
- http://secunia.com/advisories/23422
- http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
- http://www.ubuntu.com/usn/usn-398-1
- http://secunia.com/advisories/23589
- http://security.gentoo.org/glsa/glsa-200701-02.xml
- http://www.ubuntu.com/usn/usn-398-2
- http://www.ubuntu.com/usn/usn-400-1
- http://secunia.com/advisories/23545
- http://secunia.com/advisories/23591
- http://secunia.com/advisories/23614
- http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
- http://secunia.com/advisories/23692
- http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
- http://secunia.com/advisories/23672
- http://www.debian.org/security/2007/dsa-1253
- http://www.debian.org/security/2007/dsa-1258
- http://www.debian.org/security/2007/dsa-1265
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
- http://www.kb.cert.org/vuls/id/427972
- http://secunia.com/advisories/23988
- http://secunia.com/advisories/24078
- http://secunia.com/advisories/24390
- http://www.vupen.com/english/advisories/2008/0083
- http://www.vupen.com/english/advisories/2007/1124
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- http://www.vupen.com/english/advisories/2006/5068
Frequently Asked Questions
What is the severity of CVE-2006-6499?
CVE-2006-6499 has been classified as having a moderate severity due to its potential to cause denial of service.
How do I fix CVE-2006-6499?
To fix CVE-2006-6499, update affected versions of Mozilla Firefox, Thunderbird, or SeaMonkey to their respective patched versions.
Which versions are vulnerable to CVE-2006-6499?
Versions of Mozilla Firefox before 2.0.0.1, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 are vulnerable to CVE-2006-6499.
Is CVE-2006-6499 exploitable remotely?
Yes, CVE-2006-6499 can be exploited by remote attackers through malicious plugins.
What kind of attack does CVE-2006-6499 facilitate?
CVE-2006-6499 facilitates a denial of service attack by allowing memory overwrites.
- agent/weakness
- agent/references
- agent/type
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/author
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/mozilla
- canonical/firefox
- version/firefox/1.5
- version/firefox/2.0
- canonical/mozilla seamonkey
- canonical/thunderbird
- vendor/debian
- canonical/debian linux
- version/debian linux/3.1
- version/debian linux/4.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/6.10
- version/ubuntu/5.10