CERT VU:427972
History: Jan 09, 2007 - 12:00 a.m.

Mozilla denial of service vulnerability

www.kb.cert.org

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS: 0.02
Percentile: 88.9%

Overview

Certain Mozilla products contain a denial-of-service vulnerability.

Description

Certain Mozilla products contain a denial-of-service vulnerability that occurs because of an infinite loop in the js_dtoa function. Mozilla Firefox versions prior to 2.0.0.1, Thunderbird prior to 1.5.0.9, and other Mozilla products may be affected.

According to Mozilla Foundation Security Advisory 2006-68:
Keith Victor reported that if the floating point precision of the CPU was reduced (which can happen on Windows by loading a plugin which creates a Direct3D device) then it is possible that js_dtoa() will not exit and instead overwrite memory. None of the most common plugins in use do this which lowers the overall impact of this vulnerability to moderate.


Impact

A remote unauthenticated attacker may be able to cause a denial-of-service condition.


Solution

Upgrade

The Mozilla Foundation has released upgrades that address this issue. See Mozilla Foundation Security Advisory 2006-68 for more information.


Vendor Information


Mozilla: Affected

Updated: December 21, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See Mozilla Foundation Security Advisory 2006-68.



Acknowledgements

Thanks to Igor Bukanov, Jesse Ruderman, moz_bug_r_a4, and Mozilla for providing information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2006-6499
Severity Metric: 0.30
Date Public:
