CVE-2006-0295
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
| Software | From | Fixed in |
|---|---|---|
| mozilla / seamonkey | 1.0-beta | 1.0-beta.x |
| mozilla / firefox | 1.5 | 1.5.x |
| mozilla / seamonkey | 1.0 | 1.0.x |
| mozilla / thunderbird | 1.5 | 1.5.x |
- http://secunia.com/advisories/18700
- http://secunia.com/advisories/18704
- http://secunia.com/advisories/22065
- http://securitytracker.com/id?1015570
- http://www.kb.cert.org/vuls/id/759273
- http://www.mozilla.org/security/announce/2006/mfsa2006-04.html
- http://www.securityfocus.com/archive/1/446657/100/200/threaded
- http://www.securityfocus.com/bid/16476
- http://www.us-cert.gov/cas/techalerts/TA06-038A.html
- http://www.vupen.com/english/advisories/2006/0413
- http://www.vupen.com/english/advisories/2006/3749
- https://bugzilla.mozilla.org/show_bug.cgi?id=319296
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24433
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1562
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime