CVE-2006-6499

NameCVE-2006-6499
DescriptionThe js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1253-1, DSA-1258-1, DSA-1265-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid46.0-1fixed
firefox-esr (PTS)stretch45.0.2esr-1fixed
sid45.1.0esr-1fixed
icedove (PTS)wheezy31.8.0-1~deb7u1fixed
wheezy (security)38.7.0-1~deb7u1fixed
jessie31.8.0-1~deb8u1fixed
jessie (security)38.7.0-1~deb8u1fixed
stretch38.6.0-1fixed
sid38.7.2-1fixed
iceweasel (PTS)wheezy38.5.0esr-1~deb7u2fixed
wheezy (security)38.8.0esr-1~deb7u1fixed
jessie38.7.1esr-1~deb8u1fixed
jessie (security)38.8.0esr-1~deb8u1fixed
xulrunner (PTS)wheezy (security), wheezy24.8.1esr-2~deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)45.0-1high
firefox-esrsource(unstable)45.0esr-1high
iceapesource(unstable)1.0.7-1high
icedovesource(unstable)1.5.0.9.dfsg1-1low
iceweaselsource(unstable)2.0.0.1+dfsg-1high
mozillasource(unstable)(unfixed)high
mozillasourcesarge2:1.7.8-1sarge10mediumDSA-1265-1
mozilla-firefoxsource(unstable)(unfixed)high
mozilla-firefoxsourcesarge1.0.4-2sarge15mediumDSA-1253-1
mozilla-thunderbirdsource(unstable)(unfixed)low
mozilla-thunderbirdsourcesarge1.0.2-2.sarge1.0.8e.2mediumDSA-1258-1
xulrunnersource(unstable)1.8.0.9-1high

Notes

MFSA-2006-68
Is it possible to reduce the floating point precision in Linux as a non-priv
user? I don't think so

Search for package or bug name: Reporting problems