CVE-2006-0295
Description
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7 affected entries:
- Firefox
  - cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
  - (no CPE) range: = 1.5
- SeaMonkey
  - cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
  - cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
  - (no CPE) range: < 1.0
- Thunderbird
  - cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
  - (no CPE) range: = 1.5
Vulnerability mechanics
Root cause
"Calling the QueryInterface method on built-in Location and Navigator objects leads to memory corruption."
Attack vector
Remote attackers can execute arbitrary code by calling the QueryInterface method of the built-in Location and Navigator objects [ref_id=1]. This vulnerability is present in Mozilla Firefox 1.5, Thunderbird 1.5 if JavaScript is enabled in mail, and SeaMonkey before 1.0 [ref_id=1]. A working exploit for Linux and Mac OS X versions of Firefox 1.5 was published [ref_id=1].
Affected code
The vulnerability lies in the QueryInterface method of the built-in Location and Navigator objects [ref_id=1]. This flaw was introduced during the development of Firefox 1.5/SeaMonkey 1.0, with older versions like Firefox 1.0 and Mozilla Suite 1.7 not appearing to be vulnerable [ref_id=1].
What the fix does
The advisory indicates that the flaw has been fixed in Firefox 1.5.0.1, SeaMonkey 1, and Thunderbird 1.5.0.2 [ref_id=1]. The recommended remediation is to upgrade to these fixed versions. Users are also advised not to enable JavaScript in Thunderbird or SeaMonkey mail as a workaround [ref_id=1].
Preconditions
- config: JavaScript must be enabled in mail for Thunderbird 1.5 to be vulnerable [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
14 references:
- bugzilla.mozilla.org/show_bug.cgi (nvd; Patch)
- www.kb.cert.org/vuls/id/759273 (nvd; US Government Resource)
- www.us-cert.gov/cas/techalerts/TA06-038A.html (nvd; US Government Resource)
- secunia.com/advisories/18700 (nvd)
- secunia.com/advisories/18704 (nvd)
- secunia.com/advisories/22065 (nvd)
- securitytracker.com/id (nvd)
- www.mozilla.org/security/announce/2006/mfsa2006-04.html (nvd)
- www.securityfocus.com/archive/1/446657/100/200/threaded (nvd)
- www.securityfocus.com/bid/16476 (nvd)
- www.vupen.com/english/advisories/2006/0413 (nvd)
- www.vupen.com/english/advisories/2006/3749 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/24433 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1562 (nvd)