Added: 02/10/2006
CVE: CVE-2006-0295
BID: 16476
OSVDB: 22893
Mozilla is a suite of Internet client products available for multiple platforms.
A memory corruption in the **QueryInterface**
method of the **Location**
and **Navigator**
objects leads to command execution.
Upgrade to the latest version of Firefox, Thunderbird, or SeaMonkey.
<http://www.mozilla.org/security/announce/mfsa2006-04.html>
Exploit works on Firefox 1.5. This exploit requires a user on the target system to follow a link to the exploit using Firefox. Due to the amount of memory required, there may be a delay before the exploit succeeds. Exploit does not work on targets where Security Enhanced Linux is enabled.
Windows
Linux