VDB
CVE-2006-0295
CVE-2006-0295
PUBLISHED
CVSS 5.099999904632568 MEDIUM
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
EPSS 83.41% · 99.3th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
83.41%
99.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| mozilla | firefox | 1.5 |
| mozilla | seamonkey | 1.0, 1.0 |
| mozilla | thunderbird | 1.5 |
Timeline
- Feb 2, 2006 CVE Published
- Sep 20, 2010 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=319296 url
- 18704 third-party-advisory
- ADV-2006-3749 vdb
- 16476 vdb
- oval:org.mitre.oval:def:1562 vdb
- ADV-2006-0413 vdb
- 1015570 vdb
- mozilla-queryinterface-memory-corruption(24433) vdb
- 18700 third-party-advisory
- SSRT061236 vendor-advisory
- http://www.mozilla.org/security/announce/2006/mfsa2006-04.html url
- VU#759273 third-party-advisory
- TA06-038A third-party-advisory
- 22065 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-0295 advisory