CVE-2006-6499
Published: 20 December 2006
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
|
edgy |
Released
(2.0.0.6+0dfsg-0ubuntu0.6.10)
|
|
feisty |
Released
(2.0.0.6+1-0ubuntu1)
|
|
gutsy |
Not vulnerable
|
|
upstream |
Needs triage
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(3.0~alpha7-0ubuntu6)
|
|
upstream |
Needs triage
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(1.1.4-1ubuntu2)
|
|
upstream |
Needs triage
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(0.5-0ubuntu4)
|
|
upstream |
Needs triage
|
|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Released
(0.1.6b-0ubuntu2)
|
|
upstream |
Needs triage
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13-0ubuntu0.6.06)
|
edgy |
Released
(1.5.0.13-0ubuntu0.6.10)
|
|
feisty |
Released
(1.5.0.13-0ubuntu0.7.04)
|
|
gutsy |
Does not exist
|
|
upstream |
Needs triage
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Released
(1.8.0.10-3ubuntu1)
|
|
gutsy |
Released
(1.8.0.10-3ubuntu1)
|
|
upstream |
Needs triage
|