PT-2006-7103 · Mozilla+1 · Firefox+3
Keith Victor
·
Publicado
2006-12-20
·
Atualizado
2023-12-22
·
CVE-2006-6499
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 2.x before 2.0.0.1
Mozilla Firefox versions 1.5.x before 1.5.0.9
Thunderbird versions before 1.5.0.9
SeaMonkey versions before 1.0.7
Description
The
js dtoa function overwrites memory instead of exiting when the floating point precision is reduced. This allows remote attackers to cause a denial of service via any plugins that reduce the precision.Recommendations
For Mozilla Firefox versions 2.x before 2.0.0.1, update to version 2.0.0.1 or later.
For Mozilla Firefox versions 1.5.x before 1.5.0.9, update to version 1.5.0.9 or later.
For Thunderbird versions before 1.5.0.9, update to version 1.5.0.9 or later.
For SeaMonkey versions before 1.0.7, update to version 1.0.7 or later.
Correção
DoS
Infinite Loop
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Hp-Ux
Firefox
Seamonkey
Thunderbird