CVE-2006-0295

MEDIUM

Description

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

References

http://secunia.com/advisories/18700

http://secunia.com/advisories/18704

http://secunia.com/advisories/22065

http://securitytracker.com/id?1015570

http://www.kb.cert.org/vuls/id/759273

http://www.mozilla.org/security/announce/2006/mfsa2006-04.html

http://www.securityfocus.com/archive/1/446657/100/200/threaded

http://www.securityfocus.com/bid/16476

http://www.us-cert.gov/cas/techalerts/TA06-038A.html

http://www.vupen.com/english/advisories/2006/0413

http://www.vupen.com/english/advisories/2006/3749

https://bugzilla.mozilla.org/show_bug.cgi?id=319296

https://exchange.xforce.ibmcloud.com/vulnerabilities/24433

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1562

Details

Source: MITRE

Published: 2006-02-02

Updated: 2018-10-19

Risk Information

CVSS v2.0

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
24403Solaris 9 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
24395Solaris 8 (sparc) : 120671-08NessusSolaris Local Security Checks
critical
23773Solaris 9 (x86) : 120672-08NessusSolaris Local Security Checks
critical
23772Solaris 8 (x86) : 120672-08NessusSolaris Local Security Checks
critical
22987Solaris 10 (x86) : 119116-35 (deprecated)NessusSolaris Local Security Checks
critical
22954Solaris 10 (sparc) : 119115-36 (deprecated)NessusSolaris Local Security Checks
critical
20863SeaMonkey < 1.0 Multiple VulnerabilitiesNessusWindows
high
20842Firefox < 1.5.0.1 Multiple VulnerabilitiesNessusWindows
high
3405Mozilla Firefox < 1.5.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3258Mozilla Thunderbird < 1.5 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
3516SeaMonkey < 1.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3514Mozilla Firefox < 1.7.13 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
3513Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple Vulnerabilities (deprecated)Nessus Network MonitorSMTP Clients
medium
3512Mozilla Firefox < 1.0.8 / 1.5.x < 1.5.0.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
801357Mozilla Thunderbird < 1.5.0.2 or 1.0.8 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
801243Mozilla Firefox < 1.5.0.1 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801226Mozilla Browser < 1.7.13 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801220Mozilla Firefox < 1.5.0.2 or 1.0.8 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high