CVE-2006-0295

critical

Description

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1562

https://exchange.xforce.ibmcloud.com/vulnerabilities/24433

https://bugzilla.mozilla.org/show_bug.cgi?id=319296

http://www.vupen.com/english/advisories/2006/3749

http://www.vupen.com/english/advisories/2006/0413

http://www.us-cert.gov/cas/techalerts/TA06-038A.html

http://www.securityfocus.com/bid/16476

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.mozilla.org/security/announce/2006/mfsa2006-04.html

http://www.kb.cert.org/vuls/id/759273

http://securitytracker.com/id?1015570

http://secunia.com/advisories/22065

http://secunia.com/advisories/18704

http://secunia.com/advisories/18700

Details

Source: Mitre, NVD

Published: 2006-02-02

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.82372