Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0295

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0295
Last Modified 07 Mar 2011 09:29:44
Published 02 Feb 2006 03:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0295

Summary

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

Vulnerable Systems

Application

  • Mozilla Firefox 1.5

  • Mozilla Seamonkey 1.0

  • Mozilla Thunderbird 1.5


References

CERT - TA06-038A

CERT-VN - VU#759273

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=319296

VUPEN - ADV-2006-3749

VUPEN - ADV-2006-0413

HP - SSRT061236

XF - mozilla-queryinterface-memory-corruption(24433)

BID - 16476

HP - HPSBUX02156

CONFIRM - http://www.mozilla.org/security/announce/2006/mfsa2006-04.html

SECTRACK - 1015570

SECUNIA - 22065

SECUNIA - 18704

SECUNIA - 18700


Last Updated: 27 May 2016 10:41:36