Vulnerability Details : CVE-2006-6499
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
Vulnerability category: Denial of service
Products affected by CVE-2006-6499
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Threat overview for CVE-2006-6499
- Top open port discovered on systems with this issue: 5555
- IPs affected by CVE-2006-6499: 121
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2006-6499
- 2.00%: probability of exploitation activity in the next 30 days
- ~ 88%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-6499
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2006-6499
- The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-6499
- http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
  SeaMonkey: Multiple vulnerabilities (GLSA 200701-04) — Gentoo security [Third Party Advisory]
- http://secunia.com/advisories/23692
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://securitytracker.com/id?1017406
  GoDaddy Domain Name Search [Broken Link; Third Party Advisory; VDB Entry]
- http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
  404 Page Not Found | SUSE [Broken Link]
- http://secunia.com/advisories/23282
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://secunia.com/advisories/24390
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://secunia.com/advisories/23614
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1258
  Debian -- Security Information -- DSA-1258-1 mozilla-thunderbird [Third Party Advisory]
- http://www.us-cert.gov/cas/techalerts/TA06-354A.html
  Page Not Found | CISA [Broken Link; Third Party Advisory; US Government Resource]
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
  [Broken Link]
- http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
  404 Page Not Found | SUSE [Broken Link]
- http://www.vupen.com/english/advisories/2008/0083
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud [Broken Link; Third Party Advisory]
- http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
  Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1) — Mozilla [Vendor Advisory]
- http://secunia.com/advisories/24078
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://secunia.com/advisories/23672
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://secunia.com/advisories/23589
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://www.kb.cert.org/vuls/id/427972
  VU#427972 - Mozilla denial of service vulnerability [Third Party Advisory; US Government Resource]
- http://security.gentoo.org/glsa/glsa-200701-02.xml
  Mozilla Firefox: Multiple vulnerabilities (GLSA 200701-02) — Gentoo security [Broken Link; Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1253
  Debian -- Security Information -- DSA-1253-1 mozilla-firefox [Third Party Advisory]
- http://www.ubuntu.com/usn/usn-398-1
  USN-398-1: Firefox vulnerabilities | Ubuntu security notices | Ubuntu [Third Party Advisory]
- http://securitytracker.com/id?1017405
  GoDaddy Domain Name Search [Broken Link; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/23545
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://www.ubuntu.com/usn/usn-400-1
  USN-400-1: Thunderbird vulnerabilities | Ubuntu security notices | Ubuntu [Third Party Advisory]
- http://www.securityfocus.com/bid/21668
  [Broken Link; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/23422
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://securitytracker.com/id?1017398
  GoDaddy Domain Name Search [Broken Link; Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/23988
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://www.vupen.com/english/advisories/2006/5068
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud [Broken Link; Third Party Advisory]
- http://secunia.com/advisories/23591
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://secunia.com/advisories/23420
  About Secunia Research | Flexera [Broken Link; Third Party Advisory]
- http://www.debian.org/security/2007/dsa-1265
  Debian -- Security Information -- DSA-1265-1 mozilla [Third Party Advisory]
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
  [Broken Link]
- http://www.ubuntu.com/usn/usn-398-2
  USN-398-2: Firefox vulnerabilities | Ubuntu security notices | Ubuntu [Third Party Advisory]
- http://www.vupen.com/english/advisories/2007/1124
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud [Broken Link; Third Party Advisory]