Description
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
Published: 2006-12-20
Score: 4.3 Medium
EPSS: 13.7% Moderate
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1253-1 New Mozilla Firefox packages fix several vulnerabilities
Debian DSA Debian DSA DSA-1258-1 New Mozilla Firefox packages fix several vulnerabilities
Debian DSA Debian DSA DSA-1265-1 New Mozilla packages fix several vulnerabilities
Ubuntu USN Ubuntu USN USN-398-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-398-2 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-400-1 Thunderbird vulnerabilities
References
Link Providers
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 cve-icon cve-icon
http://secunia.com/advisories/23282 cve-icon cve-icon
http://secunia.com/advisories/23420 cve-icon cve-icon
http://secunia.com/advisories/23422 cve-icon cve-icon
http://secunia.com/advisories/23545 cve-icon cve-icon
http://secunia.com/advisories/23589 cve-icon cve-icon
http://secunia.com/advisories/23591 cve-icon cve-icon
http://secunia.com/advisories/23614 cve-icon cve-icon
http://secunia.com/advisories/23672 cve-icon cve-icon
http://secunia.com/advisories/23692 cve-icon cve-icon
http://secunia.com/advisories/23988 cve-icon cve-icon
http://secunia.com/advisories/24078 cve-icon cve-icon
http://secunia.com/advisories/24390 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200701-02.xml cve-icon cve-icon
http://securitytracker.com/id?1017398 cve-icon cve-icon
http://securitytracker.com/id?1017405 cve-icon cve-icon
http://securitytracker.com/id?1017406 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1 cve-icon cve-icon
http://www.debian.org/security/2007/dsa-1253 cve-icon cve-icon
http://www.debian.org/security/2007/dsa-1258 cve-icon cve-icon
http://www.debian.org/security/2007/dsa-1265 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml cve-icon cve-icon
http://www.kb.cert.org/vuls/id/427972 cve-icon cve-icon
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html cve-icon cve-icon
http://www.securityfocus.com/bid/21668 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-398-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-398-2 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-400-1 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA06-354A.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/5068 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/1124 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/0083 cve-icon cve-icon
History

No history.

Subscriptions

Canonical Ubuntu Linux
Debian Debian Linux
Mozilla Firefox Seamonkey Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T20:26:46.595Z

Reserved: 2006-12-13T00:00:00.000Z

Link: CVE-2006-6499

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-12-20T01:28:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2006-6499

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses