Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-0295

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

Related bugs and status

CVE-2006-0295 (Candidate) is related to these bugs:

Bug #41096: update to thunderbird 1.5.0.2

Summary				In	Importance	Status
	41096	update to thunderbird 1.5.0.2		mozilla-thunderbird (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.mozil...
BID: 16476
SECUNIA: 18700
SECUNIA: 18704
CERT-VN: VU#759273
SECTRACK: 1015570
CONFIRM: http://www.mozilla.org...
SECUNIA: 22065
CERT: TA06-038A
VUPEN: ADV-2006-0413
VUPEN: ADV-2006-3749
XF: mozilla-queryinterface...
OVAL: oval:org.mitre.oval:de...
HP: HPSBUX02156
HP: SSRT061236