Denial of Service Vulnerability in Mozilla Firefox and Netscape
CVE-2005-4134

Currently unrated

Key Information:

Vendor: Mozilla
Status: Mozilla Suite; K-meleon; Navigator; Firefox
Vendor: CVE Published:; 9 December 2005

Summary

An issue in Mozilla Firefox 1.5, Netscape 8.0.4, 7.2, and earlier versions of K-Meleon allows remote attackers to exploit the browser's history processing. By accessing a specially crafted webpage with an excessively large title, attackers can induce high CPU consumption and prolonged startup delays. The vulnerability arises because the browser inadequately processes the history file, leading to potential service disruptions without triggering a crash. It's important to note that the current vendor assessments indicate that this issue does not result in crashes or buffer overflows.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/19902

third-party-advisoryx_refsource_SECUNIA

EPSS Score

27% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 9, 2005
Vulnerability Reserved
Dec 9, 2005