CVE-2006-0295

Mozilla Firefox <1.5, Thunderbird <1.5 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2006-0295. PoCs published by Metasploit, H D Moore, hdm, including Metasploit module exploits/multi/browser/firefox_queryinterface.

AI-analyzed exploit summary This Metasploit module exploits a code execution vulnerability in Firefox 1.5.0.0 by leveraging a heap spray technique via the `location.QueryInterface()` method to achieve remote code execution. The exploit fills memory with a large NOP sled and payload, triggering the vulnerability when the target visits a malicious webpage.

Description

Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotemultiple
https://www.exploit-db.com/exploits/16301

This Metasploit module exploits a code execution vulnerability in Firefox 1.5.0.0 by leveraging a heap spray technique via the `location.QueryInterface()` method to achieve remote code execution. The exploit fills memory with a large NOP sled and payload, triggering the vulnerability when the target visits a malicious webpage.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox 1.5.0.0
No auth needed
Prerequisites: Target must visit a malicious webpage · Firefox 1.5.0.0 must be installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by H D Moore · remoteosx
https://www.exploit-db.com/exploits/1480

This exploit targets a code execution vulnerability in Mozilla Firefox 1.5.0 on Mac OS X via a heap spray technique using the `location.QueryInterface()` method. It delivers a PPC shellcode payload through a malicious HTML page served over HTTP.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox 1.5.0.0 on Mac OS X
No auth needed
Prerequisites: Victim must visit a malicious HTTP server controlled by the attacker · Target must be running Firefox 1.5.0.0 on Mac OS X
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by H D Moore · remotelinux
https://www.exploit-db.com/exploits/1474

This exploit targets a code execution vulnerability in Mozilla Firefox 1.5.0 on Linux x86 via the location.QueryInterface() method. It leverages a heap spray technique to fill memory with a NOP sled and shellcode, triggering execution when the vulnerable method is called.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox 1.5.0.0 on Linux x86
No auth needed
Prerequisites: Victim must visit a malicious webpage hosted by the attacker · Firefox 1.5.0.0 on Linux x86
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by hdm · rubypocosx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/firefox_queryinterface.rb

This Metasploit module exploits a code execution vulnerability in Mozilla Firefox 1.5.0 via a heap spray technique using the `location.QueryInterface()` method. It generates a malicious HTML page that fills memory with a nop sled and payload to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mozilla Firefox 1.5.0
No auth needed
Prerequisites: Victim must visit a malicious webpage · Target must be using Firefox 1.5.0 on Mac OS X or Linux
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18704
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3749
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16476
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1562
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0413
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015570
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24433
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18700
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/446657/100/200/threaded
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/759273
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-038A.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22065

Scores

EPSS 0.7074
EPSS Percentile 99.3%

Details

Status published
Products (3)
mozilla/firefox 1.5
mozilla/seamonkey 1.0 (2 CPE variants)
mozilla/thunderbird 1.5
Published Feb 02, 2006
Tracked Since Feb 18, 2026