CVE-2006-6499

Name: CVE-2006-6499
Creator: NVD / NIST
Published: 2006-12-20T01:28:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.72%

Last modified Jun 16, 2026

CVE-2006-6499 is a vulnerability of currently unknown severity. The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.. EPSS estimates a 3.72% chance of exploitation in the next 30 days.

Description

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Metrics

EPSS Probability

3.72%

88.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-835

Affected Software

Vendor	Product	Versions
Mozilla	Firefox	>= 1.5, < 1.5.0.9
Mozilla	Firefox	>= 2.0, < 2.0.0.1
Mozilla	Seamonkey	< 1.0.7
Mozilla	Thunderbird	< 1.5.0.9
Debian	Debian Linux	3.1
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	5.10
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	6.10

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://secunia.com/advisories/23282Broken Link, Third Party Advisory
http://secunia.com/advisories/23420Broken Link, Third Party Advisory
http://secunia.com/advisories/23422Broken Link, Third Party Advisory
http://secunia.com/advisories/23545Broken Link, Third Party Advisory
http://secunia.com/advisories/23589Broken Link, Third Party Advisory
http://secunia.com/advisories/23591Broken Link, Third Party Advisory
http://secunia.com/advisories/23614Broken Link, Third Party Advisory
http://secunia.com/advisories/23672Broken Link, Third Party Advisory
http://secunia.com/advisories/23692Broken Link, Third Party Advisory
http://secunia.com/advisories/23988Broken Link, Third Party Advisory
http://secunia.com/advisories/24078Broken Link, Third Party Advisory
http://secunia.com/advisories/24390Broken Link, Third Party Advisory
http://security.gentoo.org/glsa/glsa-200701-02.xmlBroken Link, Third Party Advisory
http://securitytracker.com/id?1017398Broken Link, Third Party Advisory, VDB Entry
http://securitytracker.com/id?1017405Broken Link, Third Party Advisory, VDB Entry
http://securitytracker.com/id?1017406Broken Link, Third Party Advisory, VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1Broken Link
http://www.debian.org/security/2007/dsa-1253Third Party Advisory
http://www.debian.org/security/2007/dsa-1258Third Party Advisory
http://www.debian.org/security/2007/dsa-1265Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xmlThird Party Advisory
http://www.kb.cert.org/vuls/id/427972Third Party Advisory, US Government Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-68.htmlVendor Advisory
http://www.novell.com/linux/security/advisories/2006_80_mozilla.htmlBroken Link
http://www.novell.com/linux/security/advisories/2007_06_mozilla.htmlBroken Link
http://www.securityfocus.com/bid/21668Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-398-1Third Party Advisory
http://www.ubuntu.com/usn/usn-398-2Third Party Advisory
http://www.ubuntu.com/usn/usn-400-1Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-354A.htmlBroken Link, Third Party Advisory, US Government Resource
http://www.vupen.com/english/advisories/2006/5068Broken Link, Third Party Advisory
http://www.vupen.com/english/advisories/2007/1124Broken Link, Third Party Advisory
http://www.vupen.com/english/advisories/2008/0083Broken Link, Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://secunia.com/advisories/23282Broken Link, Third Party Advisory
http://secunia.com/advisories/23420Broken Link, Third Party Advisory
http://secunia.com/advisories/23422Broken Link, Third Party Advisory
http://secunia.com/advisories/23545Broken Link, Third Party Advisory
http://secunia.com/advisories/23589Broken Link, Third Party Advisory
http://secunia.com/advisories/23591Broken Link, Third Party Advisory
http://secunia.com/advisories/23614Broken Link, Third Party Advisory
http://secunia.com/advisories/23672Broken Link, Third Party Advisory
http://secunia.com/advisories/23692Broken Link, Third Party Advisory
http://secunia.com/advisories/23988Broken Link, Third Party Advisory
http://secunia.com/advisories/24078Broken Link, Third Party Advisory
http://secunia.com/advisories/24390Broken Link, Third Party Advisory
http://security.gentoo.org/glsa/glsa-200701-02.xmlBroken Link, Third Party Advisory
http://securitytracker.com/id?1017398Broken Link, Third Party Advisory, VDB Entry
http://securitytracker.com/id?1017405Broken Link, Third Party Advisory, VDB Entry
http://securitytracker.com/id?1017406Broken Link, Third Party Advisory, VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1Broken Link
http://www.debian.org/security/2007/dsa-1253Third Party Advisory
http://www.debian.org/security/2007/dsa-1258Third Party Advisory
http://www.debian.org/security/2007/dsa-1265Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xmlThird Party Advisory
http://www.kb.cert.org/vuls/id/427972Third Party Advisory, US Government Resource
http://www.mozilla.org/security/announce/2006/mfsa2006-68.htmlVendor Advisory
http://www.novell.com/linux/security/advisories/2006_80_mozilla.htmlBroken Link
http://www.novell.com/linux/security/advisories/2007_06_mozilla.htmlBroken Link
http://www.securityfocus.com/bid/21668Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-398-1Third Party Advisory
http://www.ubuntu.com/usn/usn-398-2Third Party Advisory
http://www.ubuntu.com/usn/usn-400-1Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-354A.htmlBroken Link, Third Party Advisory, US Government Resource
http://www.vupen.com/english/advisories/2006/5068Broken Link, Third Party Advisory
http://www.vupen.com/english/advisories/2007/1124Broken Link, Third Party Advisory
http://www.vupen.com/english/advisories/2008/0083Broken Link, Third Party Advisory

Timeline

Published: Dec 20, 2006
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-6499?

How severe is CVE-2006-6499?

Severity scoring for CVE-2006-6499 is pending analysis. The EPSS model estimates a 3.72% probability of exploitation in the next 30 days.

How do I fix CVE-2006-6499?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-6499?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST