Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-1r4s-89nj-wbb6
Summary
Calling the QueryInterface method of the built-in
Location and Navigator objects causes memory corruption
that might be exploitable to run arbitrary code.This flaw appears to have been introduced during development
of Firefox 1.5/SeaMonkey 1.0 -- Firefox 1.0 and the older
Mozilla Suite 1.7 do not appear to be vulnerable.Thunderbird 1.5 could be vulnerable if JavaScript is
enabled in mail. This is not the default setting and we strongly
discourage users from turning on JavaScript in mail. Thunderbird
is not vulnerable in its default configuration.Update (7 February 2006)
H D Moore of the Metasploit Project published a working exploit on milw0rm
for the Linux and Mac OS X versions of Firefox 1.5. Severity upgraded
to critical.Update (13 April 2006)
This flaw has been fixed in Thunderbird 1.5.0.2
Aliases
0
alias CVE-2006-0295
Fixed_packages
0
url pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid
purl pkg:deb/debian/firefox@1.5.dfsg%2B1.5.0.1-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@1.5.dfsg%252B1.5.0.1-1%3Fdistro=sid
1
url pkg:deb/debian/firefox@151.0.3-1?distro=sid
purl pkg:deb/debian/firefox@151.0.3-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox@151.0.3-1%3Fdistro=sid
2
url pkg:deb/debian/thunderbird@1.5.0.2-1?distro=trixie
purl pkg:deb/debian/thunderbird@1.5.0.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1.5.0.2-1%3Fdistro=trixie
3
url pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:115.12.0-1~deb11u1%3Fdistro=trixie
4
url pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.10.1esr-1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie
purl pkg:deb/debian/thunderbird@1:140.11.0esr-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/thunderbird@1:140.11.0esr-1%3Fdistro=trixie
7
url pkg:mozilla/SeaMonkey@1.0.0
purl pkg:mozilla/SeaMonkey@1.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.0
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-0295
reference_id
reference_type
scores
0
value 0.83409
scoring_system epss
scoring_elements 0.99292
published_at 2026-06-04T12:55:00Z
1
value 0.83409
scoring_system epss
scoring_elements 0.99293
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-0295
1
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442
reference_id 351442
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=351442
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0295
reference_id CVE-2006-0295
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0295
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/1480.pm
reference_id CVE-2006-0295
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/remote/1480.pm
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16301.rb
reference_id CVE-2006-0295;OSVDB-22893
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/16301.rb
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2006-04
reference_id mfsa2006-04
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2006-04
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/1474.pm
reference_id OSVDB-22893;CVE-2006-0295
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/1474.pm
Weaknesses
Exploits
0
date_added 2006-02-07
description Mozilla Firefox 1.5 (OSX) - 'location.QueryInterface()' Code Execution (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2006-02-08
exploit_type remote
platform osx
source_date_updated 2016-10-30
data_source Exploit-DB
source_url
1
date_added null
description 
This module exploits a code execution vulnerability in the Mozilla
          Firefox browser. To reliably exploit this vulnerability, we need to fill
          almost a gigabyte of memory with our nop sled and payload. This module has
          been tested on OS X 10.3 with the stock Firefox 1.5.0 package.
required_action null
due_date null
notes 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2006-02-02
exploit_type null
platform Linux,OSX
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/firefox_queryinterface.rb
Severity_range_score9.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-1r4s-89nj-wbb6