seeing is believing
Showing 1 - 8 of 8 RSS Feed

CVE-2006-6499

Status Candidate

Overview

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

Related Files

Debian Linux Security Advisory 1265-1
Posted Mar 14, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1265-1 - Several security related problems have been discovered in Mozilla and derived products. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code. Georgi Guninski discovered several heap-based buffer overflows that allow remote attackers to execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, javascript, vulnerability
systems | linux, debian
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505
MD5 | 31c02d881051dd8d672d1d21b05bdedd
Debian Linux Security Advisory 1258-1
Posted Feb 8, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1258-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox.

tags | advisory
systems | linux, debian
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503
MD5 | 5e265bdf2d23650fa8cfe1f217f3ab00
Debian Linux Security Advisory 1253-1
Posted Jan 29, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1253-1 - Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. A bug in the js_dtoa function allows remote attackers to cause a denial of service. "shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. "moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code.

tags | advisory, remote, denial of service, arbitrary, javascript, vulnerability
systems | linux, debian
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503
MD5 | 71853013fa9f3eebef5078c94aff5f90
Ubuntu Security Notice 398-4
Posted Jan 29, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 398-4 - USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504, CVE-2006-6503
MD5 | 2b879bf8f586b2da0b440c0492eac96a
Ubuntu Security Notice 400-1
Posted Jan 5, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 400-1 - Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges or bypass internal XSS protections by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.

tags | advisory, overflow, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505
MD5 | 585c084b6cac9f09a0225c147620205f
Ubuntu Security Notice 398-3
Posted Jan 5, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 398-3 - USN-398-1 fixed vulnerabilities in Firefox. Due to the updated version, a flaw was uncovered in the Firefox Themes bundle, which erroneously reported to be incompatible with the updated Firefox. This update fixes the problem. Various flaws have been reported in Firefox that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG.

tags | advisory, web, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506, CVE-2006-6507
MD5 | c1a0488095d1b8b4ba2005f12142ee72
Ubuntu Security Notice 398-2
Posted Jan 4, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 398-2 - USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides the corresponding updates for Firefox 1.5. Various flaws have been reported in Firefox that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG.

tags | advisory, web, arbitrary, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506, CVE-2006-6507
MD5 | a34d22bfa58a248d75d301de58ea4ca3
Ubuntu Security Notice 398-1
Posted Jan 4, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 398-1 - Various flaws have been reported in Firefox that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506, CVE-2006-6507
MD5 | 4dffd69e8814434b871c781f67c0bb59
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close