CVE-2005-4134

Currently unrated

Key Information:

Vendor: Mozilla
Status: Mozilla Suite; K-meleon; Navigator; Firefox
Vendor: CVE Published:; 9 December 2005

Summary

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://usn.ubuntu.com/275-1/

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/19902

third-party-advisoryx_refsource_SECUNIA

EPSS Score

94% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 9, 2005
Vulnerability Reserved
Dec 9, 2005