Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:DFDE8BD8D9073E87822D00172BCC96DF
HistoryFeb 10, 2006 - 12:00 a.m.

Mozilla Firefox QueryInterface method memory corruption

2006-02-1000:00:00
SAINT Corporation
download.saintcorporation.com
11

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON

Added: 02/10/2006
CVE: CVE-2006-0295
BID: 16476
OSVDB: 22893

Background

Mozilla is a suite of Internet client products available for multiple platforms.

Problem

A memory corruption in the **QueryInterface** method of the **Location** and **Navigator** objects leads to command execution.

Resolution

Upgrade to the latest version of Firefox, Thunderbird, or SeaMonkey.

References

<http://www.mozilla.org/security/announce/mfsa2006-04.html&gt;

Limitations

Exploit works on Firefox 1.5. This exploit requires a user on the target system to follow a link to the exploit using Firefox. Due to the amount of memory required, there may be a delay before the exploit succeeds. Exploit does not work on targets where Security Enhanced Linux is enabled.

Platforms

Windows
Linux

Related

packetstorm 3
saint 3
debiancve 1
mozilla 1
prion 1
ubuntucve 1
checkpoint_advisories 1
cert 1
cve 1
securityvulns 1
nessus 8
openvas 2
packetstorm
packetstorm
firefox_queryinterface_mac.pm.txt
2006-02-14 00:00:00
firefox_queryinterface.pm.txt
2006-02-14 00:00:00
Firefox location.QueryInterface() Code Execution
2009-10-27 00:00:00
saint
saint
Mozilla Firefox QueryInterface method memory corruption
2006-02-10 00:00:00
Mozilla Firefox QueryInterface method memory corruption
2006-02-10 00:00:00
Mozilla Firefox QueryInterface method memory corruption
2006-02-10 00:00:00
debiancve
debiancve
CVE-2006-0295
2006-02-02 20:06:00
mozilla
mozilla
Memory corruption via QueryInterface on Location, Navigator objects — Mozilla
2006-02-01 00:00:00
prion
prion
Memory corruption
2006-02-02 20:06:00
ubuntucve
ubuntucve
CVE-2006-0295
2006-02-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Products QueryInterface Method Memory Corruption (CVE-2006-0295)
2009-12-20 00:00:00
cert
cert
Mozilla QueryInterface memory corruption vulnerability
2006-02-07 00:00:00
cve
cve
CVE-2006-0295
2006-02-02 20:06:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA06-038A -- Multiple Vulnerabilities in Mozilla Products
2006-02-08 00:00:00
nessus
nessus
Firefox < 1.5.0.1 Multiple Vulnerabilities
2006-02-04 00:00:00
SeaMonkey < 1.0 Multiple Vulnerabilities
2006-02-05 00:00:00
Solaris 9 (x86) : 120672-08
2006-12-06 00:00:00
openvas
openvas
HP-UX Update for Thunderbird HPSBUX02156
2009-05-05 00:00:00
HP-UX Update for Thunderbird HPSBUX02156
2009-05-05 00:00:00

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:DFDE8BD8D9073E87822D00172BCC96DF
packetstorm3saint3debiancve1mozilla1prion1ubuntucve1checkpoint_advisories1cert1cve1securityvulns1nessus8openvas2