CVE-2006-0295

2006-02-0220:06:00

redhat

web.nvd.nist.gov

cve-2006-0295

mozilla firefox

thunderbird

seamonkey

remote code execution

javascript

memory corruption

nvd

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.97

Percentile

99.7%

JSON

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

Affected configurations

Nvd

Node

mozillafirefoxMatch1.5

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillathunderbirdMatch1.5

VendorProductVersionCPE
mozillafirefox1.5cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
mozillaseamonkey1.0cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
mozillaseamonkey1.0cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
mozillathunderbird1.5cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	1.5	cpe:2.3:a:mozilla:firefox:1.5:::::::*
mozilla	seamonkey	1.0	cpe:2.3:a:mozilla:seamonkey:1.0::alpha:::::
mozilla	seamonkey	1.0	cpe:2.3:a:mozilla:seamonkey:1.0:beta::::::
mozilla	thunderbird	1.5	cpe:2.3:a:mozilla:thunderbird:1.5:::::::*