Vulnerabilities > CVE-2006-0295 - Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
mozilla
nessus
exploit available
metasploit

Summary

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

Vulnerable Configurations

Part Description Count
Application
Mozilla
4

Exploit-Db

  • descriptionMozilla Firefox 1.5 location.QueryInterface() Code Execution (osx). CVE-2006-0295. Remote exploit for osx platform
    idEDB-ID:1480
    last seen2016-01-31
    modified2006-02-08
    published2006-02-08
    reporterH D Moore
    sourcehttps://www.exploit-db.com/download/1480/
    titleMozilla Firefox 1.5 - location.QueryInterface Code Execution osx
  • descriptionFirefox location.QueryInterface() Code Execution. CVE-2006-0295. Remote exploits for multiple platform
    idEDB-ID:16301
    last seen2016-02-01
    modified2010-09-20
    published2010-09-20
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16301/
    titleFirefox location.QueryInterface Code Execution
  • descriptionMozilla Firefox 1.5 location.QueryInterface() Code Execution (linux). CVE-2006-0295. Remote exploit for linux platform
    idEDB-ID:1474
    last seen2016-01-31
    modified2006-02-07
    published2006-02-07
    reporterH D Moore
    sourcehttps://www.exploit-db.com/download/1474/
    titleMozilla Firefox 1.5 location.QueryInterface Code Execution linux

Metasploit

descriptionThis module exploits a code execution vulnerability in the Mozilla Firefox browser. To reliably exploit this vulnerability, we need to fill almost a gigabyte of memory with our nop sled and payload. This module has been tested on OS X 10.3 with the stock Firefox 1.5.0 package.
idMSF:EXPLOIT/MULTI/BROWSER/FIREFOX_QUERYINTERFACE
last seen2020-02-29
modified2017-07-24
published2006-03-10
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/firefox_queryinterface.rb
titleFirefox location.QueryInterface() Code Execution

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_120671.NASL
    descriptionMozilla 1.7 for Solaris 8 and 9. Date this patch was last updated by Sun : Aug/29/08
    last seen2020-06-01
    modified2020-06-02
    plugin id24403
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24403
    titleSolaris 9 (sparc) : 120671-08
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(24403);
      script_version("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:25");
    
      script_cve_id("CVE-2005-4134", "CVE-2006-0292", "CVE-2006-0293", "CVE-2006-0294", "CVE-2006-0295", "CVE-2006-0296", "CVE-2006-0297", "CVE-2006-0298", "CVE-2006-0299", "CVE-2006-0748", "CVE-2006-0749", "CVE-2006-0884", "CVE-2006-1529", "CVE-2006-1530", "CVE-2006-1531", "CVE-2006-1723", "CVE-2006-1724", "CVE-2006-1725", "CVE-2006-1726", "CVE-2006-1727", "CVE-2006-1728", "CVE-2006-1729", "CVE-2006-1730", "CVE-2006-1731", "CVE-2006-1732", "CVE-2006-1733", "CVE-2006-1734", "CVE-2006-1735", "CVE-2006-1736", "CVE-2006-1737", "CVE-2006-1738", "CVE-2006-1739", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1742", "CVE-2006-1790", "CVE-2006-2779", "CVE-2006-2780", "CVE-2006-5463", "CVE-2006-6498", "CVE-2006-6499");
    
      script_name(english:"Solaris 9 (sparc) : 120671-08");
      script_summary(english:"Check for patch 120671-08");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 120671-08"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Mozilla 1.7 for Solaris 8 and 9.
    Date this patch was last updated by Sun : Aug/29/08"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/120671-08"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Firefox location.QueryInterface() Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 79, 94, 119, 189, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120671-08", obsoleted_by:"", package:"SUNWmoznav", version:"1.7,REV=10.2005.12.08") < 0) flag++;
    if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120671-08", obsoleted_by:"", package:"SUNWmozmail", version:"1.7,REV=10.2005.12.08") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());
      else security_hole(0);
      exit(0);
    }
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idSEAMONKEY_10.NASL
    descriptionThe remote Windows host is using SeaMonkey, an alternative web browser and application suite. The installed version of SeaMonkey contains various security issues, some of which can be exploited to execute arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id20863
    published2006-02-05
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20863
    titleSeaMonkey < 1.0 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description) {
      script_id(20863);
      script_version("1.18");
      script_cve_id("CVE-2005-4134", "CVE-2006-0292", "CVE-2006-0293", "CVE-2006-0294",
                    "CVE-2006-0295", "CVE-2006-0296", "CVE-2006-0297", "CVE-2006-0298",
                    "CVE-2006-0299", "CVE-2006-0749", "CVE-2006-1731", "CVE-2006-1732",
                    "CVE-2006-1733", "CVE-2006-1734", "CVE-2006-1735", "CVE-2006-1736",
                    "CVE-2006-1739", "CVE-2006-1740", "CVE-2006-1741", "CVE-2006-1742");
      script_bugtraq_id(16476);
    
      script_name(english:"SeaMonkey < 1.0 Multiple Vulnerabilities");
      script_summary(english:"Checks for SeaMonkey < 1.0");
    
     script_set_attribute(attribute:"synopsis", value:
    "A web browser on the remote host is prone to multiple flaws." );
     script_set_attribute(attribute:"description", value:
    "The remote Windows host is using SeaMonkey, an alternative web browser
    and application suite. 
    
    The installed version of SeaMonkey contains various security issues,
    some of which can be exploited to execute arbitrary code on the
    affected host subject to the user's privileges." );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-01/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-02/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-03/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-04/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-06/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-07/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-08/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-09/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-10/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-11/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-12/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-13/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-14/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-15/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-16/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-17/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-18/" );
     script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2006-19/" );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to SeaMonkey 1.0 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_set_attribute(attribute:"exploited_by_malware", value:"true");
     script_set_attribute(attribute:"metasploit_name", value:'Firefox location.QueryInterface() Code Execution');
     script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
     script_cwe_id(20, 79, 119, 264, 399);
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/02/05");
     script_set_attribute(attribute:"patch_publication_date", value: "2006/02/02");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/12/07");
     script_cvs_date("Date: 2018/07/27 18:38:15");
    script_set_attribute(attribute:"plugin_type", value:"local");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:seamonkey");
    script_end_attributes();
    
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
     
      script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
     
      script_dependencies("mozilla_org_installed.nasl");
      script_require_keys("SeaMonkey/Version");
    
      exit(0);
    }
    
    
    include("misc_func.inc");
    
    
    ver = read_version_in_kb("SeaMonkey/Version");
    if (isnull(ver)) exit(0);
    
    if (
      ver[0] < 1 ||
      (ver[0] == 1 && ver[1] == 0 && ver[4] =~ "^[ab]$")
    ) security_hole(get_kb_item("SMB/transport"));
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_120672.NASL
    descriptionMozilla 1.7_x86 for Solaris 8 and 9. Date this patch was last updated by Sun : Sep/02/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23773
    published2006-12-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23773
    titleSolaris 9 (x86) : 120672-08
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_120672.NASL
    descriptionMozilla 1.7_x86 for Solaris 8 and 9. Date this patch was last updated by Sun : Sep/02/08
    last seen2020-06-01
    modified2020-06-02
    plugin id23772
    published2006-12-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23772
    titleSolaris 8 (x86) : 120672-08
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119116.NASL
    descriptionMozilla 1.7_x86 patch. Date this patch was last updated by Sun : Aug/05/09 This plugin has been deprecated and either replaced with individual 119116 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22987
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22987
    titleSolaris 10 (x86) : 119116-35 (deprecated)
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_1501.NASL
    descriptionThe remote Windows host is using Firefox, an alternative web browser. The installed version of Firefox contains various security issues, some of which can be exploited to execute arbitrary code on the affected host subject to the user
    last seen2020-06-01
    modified2020-06-02
    plugin id20842
    published2006-02-04
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20842
    titleFirefox < 1.5.0.1 Multiple Vulnerabilities
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_120671.NASL
    descriptionMozilla 1.7 for Solaris 8 and 9. Date this patch was last updated by Sun : Aug/29/08
    last seen2020-06-01
    modified2020-06-02
    plugin id24395
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24395
    titleSolaris 8 (sparc) : 120671-08
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119115.NASL
    descriptionMozilla 1.7 patch. Date this patch was last updated by Sun : Sep/13/14 This plugin has been deprecated and either replaced with individual 119115 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id22954
    published2006-11-06
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=22954
    titleSolaris 10 (sparc) : 119115-36 (deprecated)

Oval

accepted2009-11-09T04:00:06.261-05:00
classvulnerability
contributors
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameJonathan Baker
    organizationThe MITRE Corporation
  • nameMike Lah
    organizationThe MITRE Corporation
descriptionMozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
familywindows
idoval:org.mitre.oval:def:1562
statusaccepted
submitted2006-02-07T06:13:00.000-04:00
titleMozilla QueryInterface Memory Corruption Vulnerability
version5

Packetstorm

Saint

bid16476
descriptionMozilla Firefox QueryInterface method memory corruption
idweb_client_firefox
osvdb22893
titlefirefox_queryinterface
typeclient