Approved changes feed: RSS · Atom
cpe:2.3:a:mozilla:rhino:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Mozilla (be1b0d4e-21a7-5a25-9982-bbda6ef43ec1) |
|---|---|
| Product | Rhino (322097bb-628b-515b-9888-02a04c81a1dc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/mozilla/rhino |
purl2cpe | 2026-06-01 10:17:52.551855 |
pkg:maven/org.mozilla/rhino |
purl2cpe | 2026-06-01 10:17:52.551857 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-66453 |
vulnerable | 2026-06-03 15:11:00.556769 |
Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function
Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.
Published: 2025-12-03T19:31:54.629Z
Updated: 2025-12-03T19:43:58.830Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.