{"vuid":"VU#427972","idnumber":"427972","name":"Mozilla denial of service vulnerability","keywords":["Mozilla","DoS","denial of service","js_dtoa function","overwrites memory","floating point precision","mozilla_20061219"],"overview":"Certain Mozilla products contain a denial-of-service vulnerability.","clean_desc":"Certain Mozilla products contain a denial-of-service vulnerability that occurs because of an infinite loop in the js_dtoa function. Mozilla Firefox versions prior to 2.0.0.1, Thunderbird prior to 1.5.0.9, and other Mozilla products may be affected. According to Mozilla Foundation Security Advisory 2006-68: Keith Victor reported that if the floating point precision of the CPU was reduced (which can happen on windows by loading a plugin which creates a Direct3D device) then it is possible that js_dtoa() will not exit and instead overwrite memory. None of the most common plugins in use do this which lowers the overall impact of this vulnerability to moderate.","impact":"A remote unauthenticated attacker may be able to cause a denial-of-service condition.","resolution":"Upgrade\nThe Mozilla Foundation has released upgrades that address this issue. See Mozilla Foundation Security Advisory 2006-68 for more information.","workarounds":"","sysaffected":"","thanks":"Thanks to Igor Bukanov, Jesse Ruderman, moz_bug_r_a4, Mozilla for providing information that was used in this report.","author":"This document was written by Ryan Giobbi.","public":["http://www.mozilla.org/security/announce/2006/mfsa2006-68.html","https://bugzilla.mozilla.org/show_bug.cgi?id=358569","http://secunia.com/advisories/23420/","http://secunia.com/advisories/23591/","http://secunia.com/advisories/23598/","http://secunia.com/advisories/23439/","http://secunia.com/advisories/23514/","http://secunia.com/advisories/23618/","http://www.securityfocus.com/bid/21668","http://secunia.com/advisories/23988/","http://www.auscert.org.au/7372","http://secunia.com/advisories/24390/","http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102846-1"],"cveids":["CVE-2006-6499"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-12-20T20:42:17Z","publicdate":"2006-12-19T00:00:00Z","datefirstpublished":"2007-01-09T17:33:15Z","dateupdated":"2007-06-04T14:16:27Z","revision":42,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"1","cam_widelyknown":"19","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"6","cam_impact":"5","cam_easeofexploitation":"4","cam_attackeraccessrequired":"6","cam_scorecurrent":"0.297","cam_scorecurrentwidelyknown":"0.3105","cam_scorecurrentwidelyknownexploited":"0.5805","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.297,"vulnote":null}