CVE-2006-0295 – Firefox location.QueryInterface() Code Execution

https://notcve.org/view.php?id=CVE-2006-0295

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. Mozilla Firefox versions 1.5 and below remote command execution interface that makes use of location.QueryInterface(). Max OS X version. • https://www.exploit-db.com/exploits/1474 https://www.exploit-db.com/exploits/16301 https://www.exploit-db.com/exploits/1480 http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/22065 http://securitytracker.com/id?1015570 http://www.kb.cert.org/vuls/id/759273 http://www.mozilla.org/security/announce/2006/mfsa2006-04.html http://www.securityfocus.com/archive/1/446657/100/200/threaded http://www.securityfocus.com/bid/ •