GHSA-3w8q-xq97-5j7x: Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function
When an application passes an attacker-controlled floating-point number into the toFixed() function, it can lead to high CPU consumption and a potential Denial of Service.
Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult
where pow5mult attempts to raise 5 to an enormous power.
Example code: (4.47118444E-314).toFixed(2)
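Added illustration (not part of the advisory or of Rhino's code): it shows why a subnormal double such as the advisory's sample value forces a Gay-style dtoa to build a power of five near 5^1074, and a defender-side front-end for toFixed() that short-circuits values too small to print anything but zeros. The constant and function names are this example's own; the only value taken from the page is the sample number.

```python
import math
import sys

# Constructed sample: the value from the advisory's proof of concept.
ADVISORY_SAMPLE = 4.47118444e-314


def power_of_five_needed(x: float) -> int:
    """Smallest k such that |x| == n * 5**k / 10**k exactly, for integer n.

    A double reduces to n * 2**-k, and 2**-k == 5**k / 10**k, so a dtoa that
    prints exact decimal digits must compute 5**k. For a subnormal double k is
    close to 1074, which is why a tiny value sends pow5mult after a huge power.
    """
    if not math.isfinite(x):
        raise ValueError("x must be finite")
    _num, den = abs(x).as_integer_ratio()  # den is always a power of two
    return den.bit_length() - 1             # log2(den)


def is_subnormal(x: float) -> bool:
    """True for non-zero doubles below the smallest normal magnitude."""
    return x != 0.0 and abs(x) < sys.float_info.min


def below_rounding_threshold(x: float, digits: int) -> bool:
    """True when |x| is so small that toFixed(digits) can only print zeros.

    10**-(digits+2) is well under the rounding boundary 0.5 * 10**-digits,
    so this shortcut is conservative: it never changes a printed digit.
    """
    return abs(x) < 10.0 ** -(digits + 2)


def to_fixed_guarded(x: float, digits: int) -> str:
    """toFixed() front-end that never hands a tiny value to the digit generator.

    Handles the range and non-finite cases like Number.prototype.toFixed; other
    values go to Python's formatter (also a Gay-style dtoa, but it rounds exact
    ties differently from JavaScript, so this is a guard, not a JS clone).
    """
    if not 0 <= digits <= 100:
        raise ValueError("digits must be in 0..100")  # JS throws RangeError
    if math.isnan(x):
        return "NaN"
    if math.isinf(x):
        return "-Infinity" if x < 0 else "Infinity"
    if below_rounding_threshold(x, digits):
        # Emit the zero string directly, keeping JS's sign rule for negatives.
        return ("-" if x < 0 else "") + "0" + ("." + "0" * digits if digits else "")
    return f"{x:.{digits}f}"
```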
- CVE-2025-66453
Low severity GitHub Reviewed Published Dec 3, 2025 in mozilla/rhino • Updated Dec 3, 2025
Package
maven org.mozilla:rhino (Maven)
Affected versions
< 1.7.14.1
>= 1.7.15, < 1.7.15.1
= 1.8.0
Patched versions
1.7.14.1
1.7.15.1
1.8.1
References
- GHSA-3w8q-xq97-5j7x
- mozilla/rhino@2bcf4c4
Published to the GitHub Advisory Database
Dec 3, 2025