CVE-2005-4134

Severity

50%

Complexity

99%

Confidentiality

48%

This issue was fixed in K-Meleon version 0.9.12.

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

This issue was fixed in K-Meleon version 0.9.12.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 19 years ago

2005-12-09 15:03:00

Last updated 6 years ago

2018-10-19 15:40:00

Affected Software

Mozilla Firefox

Mozilla Mozilla Suite

Netscape Navigator 7.1

7.1

Netscape Navigator 7.2

7.2

Netscape Navigator

References

SCOSA-2006.26

20060201-01-U

20051208 re: Firefox 1.5 buffer overflow (poc)

20051208 Re: re: Firefox 1.5 buffer overflow (poc)

17934

Vendor Advisory

17944

Vendor Advisory

17946

Vendor Advisory

18700

18704

18705

18706

18708

18709

19230

19746

19759

19852

19862

19863

19902

19941

21033

21622

1015328

102550

228526

http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm

DSA-1044

DSA-1046

DSA-1051

GLSA-200604-12

GLSA-200604-18

MDKSA-2006:036

MDKSA-2006:037

http://www.mozilla.org/security/announce/mfsa2006-03.html

http://www.mozilla.org/security/history-title.html

http://www.networksecurity.fi/advisories/netscape-history.html

21533

FEDORA-2006-075

FEDORA-2006-076

RHSA-2006:0199

RHSA-2006:0200

FLSA:180036-1

FLSA-2006:180036-2

HPSBUX02122

15773

16476

ADV-2005-2805

ADV-2006-0413

ADV-2006-3391

oval:org.mitre.oval:def:11382

oval:org.mitre.oval:def:1619

USN-271-1

USN-275-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.