ID CVE-2006-0297
Summary Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.
References
Vulnerable Configurations
  • Mozilla Firefox 1.5
    cpe:2.3:a:mozilla:firefox:1.5
  • Mozilla Firefox 1.5 Beta 1
    cpe:2.3:a:mozilla:firefox:1.5:beta1
  • cpe:2.3:a:mozilla:seamonkey:1.0:-:alpha
    cpe:2.3:a:mozilla:seamonkey:1.0:-:alpha
  • Mozilla SeaMonkey 1.0 beta
    cpe:2.3:a:mozilla:seamonkey:1.0:beta
  • Mozilla Thunderbird 1.5
    cpe:2.3:a:mozilla:thunderbird:1.5
CVSS
Base: 5.1 (as of 03-02-2006 - 08:25)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
metasploit via4
description This module exploits a code execution vulnerability in the Mozilla Firefox browser. To reliably exploit this vulnerability, we need to fill almost a gigabyte of memory with our nop sled and payload. This module has been tested on OS X 10.3 with the stock Firefox 1.5.0 package.
id MSF:EXPLOIT/MULTI/BROWSER/FIREFOX_QUERYINTERFACE
last seen 2019-02-12
modified 2017-07-24
published 2006-03-10
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/firefox_queryinterface.rb
title Firefox location.QueryInterface() Code Execution
nessus via4
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_1501.NASL
    description The remote Windows host is using Firefox, an alternative web browser. The installed version of Firefox contains various security issues, some of which can be exploited to execute arbitrary code on the affected host subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20842
    published 2006-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20842
    title Firefox < 1.5.0.1 Multiple Vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119115.NASL
    description Mozilla 1.7 patch. Date this patch was last updated by Sun : Sep/13/14 This plugin has been deprecated and either replaced with individual 119115 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 22954
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22954
    title Solaris 10 (sparc) : 119115-36 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_120672.NASL
    description Mozilla 1.7_x86 for Solaris 8 and 9. Date this patch was last updated by Sun : Sep/02/08
    last seen 2018-09-02
    modified 2016-12-09
    plugin id 23772
    published 2006-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23772
    title Solaris 8 (x86) : 120672-08
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_120671.NASL
    description Mozilla 1.7 for Solaris 8 and 9. Date this patch was last updated by Sun : Aug/29/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 24403
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24403
    title Solaris 9 (sparc) : 120671-08
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119116.NASL
    description Mozilla 1.7_x86 patch. Date this patch was last updated by Sun : Aug/05/09 This plugin has been deprecated and either replaced with individual 119116 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 22987
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22987
    title Solaris 10 (x86) : 119116-35 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_120672.NASL
    description Mozilla 1.7_x86 for Solaris 8 and 9. Date this patch was last updated by Sun : Sep/02/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 23773
    published 2006-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23773
    title Solaris 9 (x86) : 120672-08
  • NASL family Windows
    NASL id SEAMONKEY_10.NASL
    description The remote Windows host is using SeaMonkey, an alternative web browser and application suite. The installed version of SeaMonkey contains various security issues, some of which can be exploited to execute arbitrary code on the affected host subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 20863
    published 2006-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20863
    title SeaMonkey < 1.0 Multiple Vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_120671.NASL
    description Mozilla 1.7 for Solaris 8 and 9. Date this patch was last updated by Sun : Aug/29/08
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 24395
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24395
    title Solaris 8 (sparc) : 120671-08
oval via4
accepted 2009-11-09T04:00:03.379-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Mike Lah
    organization The MITRE Corporation
description Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.
family windows
id oval:org.mitre.oval:def:1339
status accepted
submitted 2006-02-07T06:13:00.000-04:00
title Mozilla Integer overflows in E4X, SVG, and Canvas Features
version 5
refmap via4
bid 16476
confirm
hp
  • HPSBUX02156
  • SSRT061236
sectrack 1015570
secunia
  • 18700
  • 18704
  • 22065
vupen
  • ADV-2006-0413
  • ADV-2006-3749
xf mozilla-component-integer-overflow(24435)
saint via4
bid 16476
description Mozilla Firefox QueryInterface method memory corruption
id web_client_firefox
osvdb 22893
title firefox_queryinterface
type client
Last major update 07-03-2011 - 21:29
Published 02-02-2006 - 17:02
Last modified 19-10-2018 - 11:44