4.3
CVE-2006-6499
- EPSS 3.72%
- Veröffentlicht 20.12.2006 01:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:14
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 1.5.0.9
Debian ≫ Debian Linux Version3.1
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version5.10
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version6.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.72% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
http://www.vupen.com/english/advisories/2008/0083
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/23282
http://secunia.com/advisories/23420
http://secunia.com/advisories/23422
http://secunia.com/advisories/23545
http://secunia.com/advisories/23589
http://secunia.com/advisories/23591
http://secunia.com/advisories/23614
http://secunia.com/advisories/23672
http://secunia.com/advisories/23692
http://secunia.com/advisories/23988
http://secunia.com/advisories/24078
http://secunia.com/advisories/24390
http://security.gentoo.org/glsa/glsa-200701-02.xml
http://securitytracker.com/id?1017398
http://securitytracker.com/id?1017405
http://securitytracker.com/id?1017406
http://www.debian.org/security/2007/dsa-1253
http://www.debian.org/security/2007/dsa-1258
http://www.debian.org/security/2007/dsa-1265
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
http://www.kb.cert.org/vuls/id/427972
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
http://www.securityfocus.com/bid/21668
http://www.ubuntu.com/usn/usn-398-1
http://www.ubuntu.com/usn/usn-398-2
http://www.ubuntu.com/usn/usn-400-1
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
http://www.vupen.com/english/advisories/2006/5068
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
http://www.vupen.com/english/advisories/2007/1124