Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:CBC8C939D8476683551E199B12BD743A
HistoryFeb 10, 2006 - 12:00 a.m.

Mozilla Firefox QueryInterface method memory corruption

2006-02-1000:00:00
SAINT Corporation
download.saintcorporation.com
15

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.968 High

EPSS

Percentile

99.6%

JSON

Added: 02/10/2006
CVE: CVE-2006-0295
BID: 16476
OSVDB: 22893

Background

Mozilla is a suite of Internet client products available for multiple platforms.

Problem

A memory corruption in the **QueryInterface** method of the **Location** and **Navigator** objects leads to command execution.

Resolution

Upgrade to the latest version of Firefox, Thunderbird, or SeaMonkey.

References

<http://www.mozilla.org/security/announce/mfsa2006-04.html&gt;

Limitations

Exploit works on Firefox 1.5. This exploit requires a user on the target system to follow a link to the exploit using Firefox. Due to the amount of memory required, there may be a delay before the exploit succeeds. Exploit does not work on targets where Security Enhanced Linux is enabled.

Platforms

Windows
Linux

Related

packetstorm 3
saint 3
debiancve 1
mozilla 1
cert 1
cve 1
prion 1
ubuntucve 1
checkpoint_advisories 1
securityvulns 1
nessus 8
openvas 2
packetstorm
packetstorm
firefox_queryinterface_mac.pm.txt
2006-02-14 00:00:00
firefox_queryinterface.pm.txt
2006-02-14 00:00:00
Firefox location.QueryInterface() Code Execution
2009-10-27 00:00:00
saint
saint
Mozilla Firefox QueryInterface method memory corruption
2006-02-10 00:00:00
Mozilla Firefox QueryInterface method memory corruption
2006-02-10 00:00:00
Mozilla Firefox QueryInterface method memory corruption
2006-02-10 00:00:00
debiancve
debiancve
CVE-2006-0295
2006-02-02 20:06:00
mozilla
mozilla
Memory corruption via QueryInterface on Location, Navigator objects — Mozilla
2006-02-01 00:00:00
cert
cert
Mozilla QueryInterface memory corruption vulnerability
2006-02-07 00:00:00
cve
cve
CVE-2006-0295
2006-02-02 20:06:00
prion
prion
Memory corruption
2006-02-02 20:06:00
ubuntucve
ubuntucve
CVE-2006-0295
2006-02-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Products QueryInterface Method Memory Corruption (CVE-2006-0295)
2009-12-20 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-038A -- Multiple Vulnerabilities in Mozilla Products
2006-02-08 00:00:00
nessus
nessus
Firefox < 1.5.0.1 Multiple Vulnerabilities
2006-02-04 00:00:00
SeaMonkey < 1.0 Multiple Vulnerabilities
2006-02-05 00:00:00
Solaris 9 (x86) : 120672-08
2006-12-06 00:00:00
openvas
openvas
HP-UX Update for Thunderbird HPSBUX02156
2009-05-05 00:00:00
HP-UX Update for Thunderbird HPSBUX02156
2009-05-05 00:00:00

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.968 High

EPSS

Percentile

99.6%

JSON
Related for SAINT:CBC8C939D8476683551E199B12BD743A
packetstorm3saint3debiancve1mozilla1cert1cve1prion1ubuntucve1checkpoint_advisories1securityvulns1nessus8openvas2