CVE-2006-6499

Mozilla Firefox < 1.5.0.9 - Infinite Loop

Description

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

References (34)

Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21668
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23672
Broken Link, Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5068
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017398
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1265
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24078
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23692
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-398-2
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23282
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24390
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23422
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23591
Broken Link, Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1124
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017405
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23614
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017406
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-398-1
Broken Link, Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0083
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23420
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/427972
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23545
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
Broken Link, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23589
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1253
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1258
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
Broken Link, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23988
Broken Link, Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200701-02.xml
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-400-1

Scores

EPSS 0.1371
EPSS Percentile 94.3%

Details

CWE CWE-835
Status published
Products (8)
canonical/ubuntu_linux 5.10
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 6.10
debian/debian_linux 3.1
debian/debian_linux 4.0
mozilla/firefox 1.5 - 1.5.0.9
mozilla/seamonkey < 1.0.7
mozilla/thunderbird < 1.5.0.9
Published Dec 20, 2006
Tracked Since Feb 18, 2026