Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2006-6499
HistoryDec 20, 2006 - 1:28 a.m.

CVE-2006-6499

2006-12-2001:28:00
CWE-835
redhat
web.nvd.nist.gov
55
cve-2006-6499
mozilla firefox
thunderbird
seamonkey
js_dtoa
memory overwrite
denial of service

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.02

Percentile

88.9%

JSON

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Affected configurations

Nvd
Node
mozillafirefoxRange1.51.5.0.9
OR
mozillafirefoxRange2.02.0.0.1
OR
mozillaseamonkeyRange<1.0.7
OR
mozillathunderbirdRange<1.5.0.9
Node
debiandebian_linuxMatch3.1
OR
debiandebian_linuxMatch4.0
Node
canonicalubuntu_linuxMatch5.10
OR
canonicalubuntu_linuxMatch6.06lts
OR
canonicalubuntu_linuxMatch6.10
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozillathunderbird*cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
debiandebian_linux3.1cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
canonicalubuntu_linux5.10cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonicalubuntu_linux6.10cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

References

Related

ubuntucve 1
cert 1
cvelist 1
debiancve 1
nvd 1
mozilla 1
securityvulns 1
osv 3
openvas 23
debian 3
nessus 22
ubuntu 4
gentoo 2
suse 2
ubuntucve
ubuntucve
CVE-2006-6499
2006-12-20 00:00:00
cert
cert
Mozilla denial of service vulnerability
2007-01-09 00:00:00
cvelist
cvelist
CVE-2006-6499
2006-12-20 01:00:00
debiancve
debiancve
CVE-2006-6499
2006-12-20 01:28:00
nvd
nvd
CVE-2006-6499
2006-12-20 01:28:00
mozilla
mozilla
Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1) — Mozilla
2006-12-19 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2006-68
2006-12-20 00:00:00
osv
osv
mozilla-thunderbird
2007-02-07 00:00:00
mozilla-firefox
2007-01-27 00:00:00
mozilla
2007-03-10 00:00:00
openvas
openvas
Solaris Update for Mozilla 1.7_x86 119116-35
2009-10-13 00:00:00
Debian: Security Advisory (DSA-1253-1)
2008-01-17 00:00:00
Solaris Update for Mozilla 1.7 119115-35
2009-10-13 00:00:00
debian
debian
[SECURITY] [DSA 1253-1] New Mozilla Firefox packages fix several vulnerabilities
2007-01-27 18:35:24
[SECURITY] [DSA 1258-1] New Mozilla Firefox packages fix several vulnerabilities
2007-02-07 07:36:56
[SECURITY] [DSA 1265-1] New Mozilla packages fix several vulnerabilities
2007-03-10 19:12:34
nessus
nessus
Debian DSA-1253-1 : mozilla-firefox - several vulnerabilities
2007-02-09 00:00:00
Debian DSA-1258-1 : mozilla-thunderbird - several vulnerabilities
2007-02-09 00:00:00
Debian DSA-1265-1 : mozilla - several vulnerabilities
2007-03-12 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-01-03 00:00:00
Firefox regression
2007-01-27 00:00:00
Thunderbird vulnerabilities
2007-01-05 00:00:00
gentoo
gentoo
SeaMonkey: Multiple vulnerabilities
2007-01-10 00:00:00
Mozilla Firefox: Multiple vulnerabilities
2007-01-04 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird
2006-12-29 15:41:46
remote denial of service in mozilla
2007-01-12 14:08:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.02

Percentile

88.9%

JSON
Related for CVE-2006-6499
ubuntucve1cert1cvelist1debiancve1nvd1mozilla1securityvulns1osv3openvas23debian3nessus22ubuntu4gentoo2suse2