Rapid7 Vulnerability & Exploit Database

MFSA2006-68 Firefox: Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1) (CVE-2006-6499)

Back to Search

MFSA2006-68 Firefox: Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1) (CVE-2006-6499)

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
12/19/2006
Created
07/25/2018
Added
06/14/2012
Modified
02/13/2015

Description

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Solution(s)

  • mozilla-firefox-upgrade-1_5_0_9
  • mozilla-firefox-upgrade-2_0_0_1

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;