Overview
Certain Mozilla products contain a denial-of-service vulnerability.
Description
Certain Mozilla products contain a denial-of-service vulnerability that occurs because of an infinite loop in the js_dtoa function. Mozilla Firefox versions prior to 2.0.0.1, Thunderbird prior to 1.5.0.9, and other Mozilla products may be affected. According to Mozilla Foundation Security Advisory 2006-68:
Impact
A remote unauthenticated attacker may be able to cause a denial-of-service condition.
Solution
Upgrade
The Mozilla Foundation has released upgrades that address this issue. See Mozilla Foundation Security Advisory 2006-68 for more information.
References
- http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=358569
- http://secunia.com/advisories/23420/
- http://secunia.com/advisories/23591/
- http://secunia.com/advisories/23598/
- http://secunia.com/advisories/23439/
- http://secunia.com/advisories/23514/
- http://secunia.com/advisories/23618/
- http://www.securityfocus.com/bid/21668
- http://secunia.com/advisories/23988/
- http://www.auscert.org.au/7372
- http://secunia.com/advisories/24390/
- http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102846-1
Acknowledgements
Thanks to Igor Bukanov, Jesse Ruderman, moz_bug_r_a4, and Mozilla for providing information that was used in this report.
This document was written by Ryan Giobbi.
Other Information
CVE IDs: CVE-2006-6499
Severity Metric: 0.30
Date Public: 2006-12-19
Date First Published: 2007-01-09
Date Last Updated: 2007-06-04 14:16 UTC
Document Revision: 42