CVE-2006-6499 — MEDIUM (4.3)

Q: How severe is CVE-2006-6499?

CVE-2006-6499 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-6499?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.5, < 1.5.0.9
Mozilla	Seamonkey	< 1.0.7
Mozilla	Thunderbird	< 1.5.0.9
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	5.10

Related Weaknesses (CWE)

CWE-835

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://secunia.com/advisories/23282Broken LinkThird Party Advisory
http://secunia.com/advisories/23420Broken LinkThird Party Advisory
http://secunia.com/advisories/23422Broken LinkThird Party Advisory
http://secunia.com/advisories/23545Broken LinkThird Party Advisory
http://secunia.com/advisories/23589Broken LinkThird Party Advisory
http://secunia.com/advisories/23591Broken LinkThird Party Advisory
http://secunia.com/advisories/23614Broken LinkThird Party Advisory
http://secunia.com/advisories/23672Broken LinkThird Party Advisory
http://secunia.com/advisories/23692Broken LinkThird Party Advisory
http://secunia.com/advisories/23988Broken LinkThird Party Advisory
http://secunia.com/advisories/24078Broken LinkThird Party Advisory
http://secunia.com/advisories/24390Broken LinkThird Party Advisory
http://security.gentoo.org/glsa/glsa-200701-02.xmlBroken LinkThird Party Advisory
http://securitytracker.com/id?1017398Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2006-6499?

CVE-2006-6499 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point pr...

How severe is CVE-2006-6499?

CVE-2006-6499 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6499?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird, Debian Debian Linux, Canonical Ubuntu Linux.