Vulnerability Note VU#759273
Mozilla QueryInterface memory corruption vulnerability
Mozilla Firefox web browser and Thunderbird mail client contain a memory corruption vulnerability that may allow a remote attacker to execute arbitrary code.
The Mozilla Firefox QueryInterface method contains a memory corruption vulnerability. According to Mozilla:
Calling the QueryInterface method of the built-in Location and Navigator objects causes memory corruption that might be exploitable to run arbitrary code.
We are aware of working exploit code for this vulnerability.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mozilla, Inc.||Affected||-||07 Feb 2006|
|Red Hat, Inc.||Not Affected||-||09 Feb 2006|
CVSS Metrics (Learn More)
These vulnerabilities were reported by Georgi Guninski.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-0295
- Date Public: 02 Feb 2006
- Date First Published: 07 Feb 2006
- Date Last Updated: 09 Feb 2006
- Severity Metric: 15.46
- Document Revision: 36
If you have feedback, comments, or additional information about this vulnerability, please send us email.