CVE-2005-4134 : Detail

CVE-2005-4134

94.9%V3
Network
2005-12-09
14h00 +00:00
2018-10-19
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:N/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 26762

Publication date : 2005-12-07 23h00 +00:00
Author : ZIPLOCK
EDB Verified : Yes

source: https://www.securityfocus.com/bid/15773/info Mozilla Firefox is reportedly prone to a remote denial-of-service vulnerability. This issue presents itself when the browser handles a large entry in the 'history.dat' file. An attacker may trigger this issue by enticing a user to visit a malicious website and by supplying excessive data to be stored in the affected file. This may cause a denial-of-service condition. **UPDATE: Proof-of-concept exploit code has been published. The author of the code attributes the crash to a buffer-overflow condition. Symantec has not reproduced the alleged flaw. <!-- Firefox 1.5 buffer overflow Basically firefox logs all kinda of URL data in it's history.dat file, this little script will set a really large topic and Firefox will then save that topic into it's history.dat.. The next time that firefox is opened, it will instantly crash due to a buffer overflow -- this will happen everytime until you manually delete the history.dat file -- which most users won't figure out. this proof of concept will only prevent someone from reopening their browser after being exploited. DoS if you will. however, code execution is possible with some modifcations. Tested with Firefox 1.5 on Windows XP SP2. ZIPLOCK <[email protected]> --> <html><head><title>heh</title><script type="text/javascript"> function ex() { var buffer = ""; for (var i = 0; i < 5000; i++) { buffer += "A"; } var buffer2 = buffer; for (i = 0; i < 500; i++) { buffer2 += buffer; } document.title = buffer2; } </script></head><body>ZIPLOCK says <a href="javascript:ex();">CLICK ME </a></body></html>

Products Mentioned

Configuraton 0

K-meleon_project>>K-meleon >> Version To (including) 0.9

K-meleon_project>>K-meleon >> Version 0.7

K-meleon_project>>K-meleon >> Version 0.7_service_pack_1

    K-meleon_project>>K-meleon >> Version 0.8

    K-meleon_project>>K-meleon >> Version 0.8.1

    K-meleon_project>>K-meleon >> Version 0.8.2

    Mozilla>>Firefox >> Version To (including) 1.5

    Mozilla>>Mozilla_suite >> Version To (including) 1.7.12

    Netscape>>Navigator >> Version To (including) 8.0.40

    Netscape>>Navigator >> Version 7.1

    Netscape>>Navigator >> Version 7.2

    References

    http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
    Tags : vendor-advisory, x_refsource_MANDRIVA
    https://usn.ubuntu.com/275-1/
    Tags : vendor-advisory, x_refsource_UBUNTU
    http://secunia.com/advisories/19902
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.osvdb.org/21533
    Tags : vdb-entry, x_refsource_OSVDB
    http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
    Tags : vendor-advisory, x_refsource_MANDRIVA
    http://secunia.com/advisories/17944
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/19941
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/17946
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://marc.info/?l=full-disclosure&m=113405896025702&w=2
    Tags : mailing-list, x_refsource_FULLDISC
    http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
    Tags : vendor-advisory, x_refsource_GENTOO
    http://secunia.com/advisories/21622
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/19862
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/19230
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/18704
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.debian.org/security/2006/dsa-1051
    Tags : vendor-advisory, x_refsource_DEBIAN
    http://secunia.com/advisories/18709
    Tags : third-party-advisory, x_refsource_SECUNIA
    https://usn.ubuntu.com/271-1/
    Tags : vendor-advisory, x_refsource_UBUNTU
    http://secunia.com/advisories/18705
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
    Tags : vendor-advisory, x_refsource_GENTOO
    http://www.securityfocus.com/bid/16476
    Tags : vdb-entry, x_refsource_BID
    http://www.vupen.com/english/advisories/2006/0413
    Tags : vdb-entry, x_refsource_VUPEN
    http://securitytracker.com/id?1015328
    Tags : vdb-entry, x_refsource_SECTRACK
    http://secunia.com/advisories/19746
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/21033
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/18700
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
    Tags : vendor-advisory, x_refsource_SUNALERT
    http://secunia.com/advisories/19759
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.redhat.com/support/errata/RHSA-2006-0200.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://secunia.com/advisories/18706
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/17934
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/15773
    Tags : vdb-entry, x_refsource_BID
    http://www.redhat.com/support/errata/RHSA-2006-0199.html
    Tags : vendor-advisory, x_refsource_REDHAT
    http://secunia.com/advisories/19863
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/425978/100/0/threaded
    Tags : vendor-advisory, x_refsource_FEDORA
    http://secunia.com/advisories/18708
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2005/2805
    Tags : vdb-entry, x_refsource_VUPEN
    http://www.securityfocus.com/archive/1/425975/100/0/threaded
    Tags : vendor-advisory, x_refsource_FEDORA
    http://marc.info/?l=full-disclosure&m=113404911919629&w=2
    Tags : mailing-list, x_refsource_FULLDISC
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
    Tags : vendor-advisory, x_refsource_SUNALERT
    http://secunia.com/advisories/19852
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/3391
    Tags : vdb-entry, x_refsource_VUPEN
    http://www.debian.org/security/2006/dsa-1046
    Tags : vendor-advisory, x_refsource_DEBIAN
    http://www.debian.org/security/2006/dsa-1044
    Tags : vendor-advisory, x_refsource_DEBIAN