| Vulnerability Name: | CVE-2006-0295 (CCN-24433) | ||||||||
| Assigned: | 2006-02-01 | ||||||||
| Published: | 2006-02-01 | ||||||||
| Updated: | 2018-10-19 | ||||||||
| Summary: | Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P) 3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-0295 Source: CCN Type: SA18700 Firefox Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 18700 Source: CCN Type: SA18704 Thunderbird Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 18704 Source: SECUNIA Type: UNKNOWN 22065 Source: CCN Type: SECTRACK ID: 1015570 Mozilla Firefox Multiple Vulnerabilities May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015570 Source: CCN Type: ASA-2007-135 HP-UX Running Thunderbird Remote Unauthorized Access or Elevation of Privileges or Denial of Service (HPSBUX02156) Source: CCN Type: US-CERT VU#759273 Mozilla QueryInterface memory corruption vulnerability Source: CERT-VN Type: US Government Resource VU#759273 Source: CCN Type: Mozilla Web site Mozilla Products Source: CONFIRM Type: UNKNOWN http://www.mozilla.org/security/announce/2006/mfsa2006-04.html Source: CCN Type: MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects Source: CCN Type: OSVDB ID: 22893 Mozilla Multiple Products Location/Navigation Objects QueryInterface Memory Corruption Source: HP Type: UNKNOWN SSRT061236 Source: BID Type: UNKNOWN 16476 Source: CCN Type: BID-16476 Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities Source: CERT Type: US Government Resource TA06-038A Source: VUPEN Type: UNKNOWN ADV-2006-0413 Source: VUPEN Type: UNKNOWN ADV-2006-3749 Source: CCN Type: mozilla.org Bugzilla Bug 319296 CVE-2006-0295 memory corruption via QueryInterface() Source: CONFIRM Type: Patch https://bugzilla.mozilla.org/show_bug.cgi?id=319296 Source: XF Type: UNKNOWN mozilla-queryinterface-memory-corruption(24433) Source: XF Type: UNKNOWN mozilla-queryinterface-memory-corruption(24433) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1562 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||