CVE-2006-6499 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2006-6499 Interim 1 6 2024-09-15T02:41:25Z current 2021-05-30T12:37:19Z 2024-09-15T02:41:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2006-6499 The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AKRQNKR7TLOOCS5DB6ZRNQKL4JUYVOMW/#AKRQNKR7TLOOCS5DB6ZRNQKL4JUYVOMW E-Mail link for SUSE-SA:2006:080 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DIRPHXRTWZKIKN4XN2NQYQOU6XCHVB6D/#DIRPHXRTWZKIKN4XN2NQYQOU6XCHVB6D E-Mail link for SUSE-SA:2007:006 https://www.suse.com/support/security/rating/ SUSE Security Ratings The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision. CVE-2006-6499 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P