Launchpad.net

CVE 2006-6499

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Related bugs and status

CVE-2006-6499 (Candidate) is related to these bugs:

Bug #76606: Update Firefox to 2.0.0.1

Summary				In	Importance	Status
	76606	Update Firefox to 2.0.0.1		firefox (Ubuntu)	Undecided	Fix Released

Bug #76682: Please update mozilla-thunderbird

Summary				In	Importance	Status
	76682	Please update mozilla-thunderbird		mozilla-thunderbird (Ubuntu)	Undecided	Fix Released

Bug #77334: Security Update (Firefox)2.0.0.1 is out - since Dec19 - merge for Edgy required

Summary				In	Importance	Status
	77334	Security Update (Firefox)2.0.0.1 is out - since Dec19 - merge for Edgy required		firefox (Ubuntu)	Undecided	Fix Released

Bug #78587: please sync xulrunner 1.8.0.9-1 from Debian unstable (main)

Summary				In	Importance	Status
	78587	please sync xulrunner 1.8.0.9-1 from Debian unstable (main)		xulrunner (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
SECTRACK: 1017398
SECTRACK: 1017405
SECTRACK: 1017406
CERT: TA06-354A
BID: 21668
SECUNIA: 23282
SECUNIA: 23420
SECUNIA: 23422
SUSE: SUSE-SA:2006:080
UBUNTU: USN-398-1
SECUNIA: 23589
GENTOO: GLSA-200701-02
UBUNTU: USN-398-2
UBUNTU: USN-400-1
SECUNIA: 23545
SECUNIA: 23591
SECUNIA: 23614
GENTOO: GLSA-200701-04
SECUNIA: 23692
SUSE: SUSE-SA:2007:006
CERT-VN: VU#427972
SECUNIA: 23672
DEBIAN: DSA-1253
DEBIAN: DSA-1258
SECUNIA: 23988
SECUNIA: 24078
DEBIAN: DSA-1265
SECUNIA: 24390
SUNALERT: 102846
HP: HPSBUX02153
HP: SSRT061181
VUPEN: ADV-2006-5068
VUPEN: ADV-2007-1124
VUPEN: ADV-2008-0083