CVE-2005-4134 - Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to c

CVE-2005-4134

Summary

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. This issue was fixed in K-Meleon version 0.9.12.

References

Vulnerable Configurations

cpe:2.3:a:k-meleon_project:k-meleon:0.7:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.7:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.7_service_pack_1:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.7_service_pack_1:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.8:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.8:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:*:*:*:*:*:*:*:*
cpe:2.3:a:k-meleon_project:k-meleon:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:-:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:-:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:-:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:-:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:-:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla_suite:1.7.12:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.2:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:-:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:-:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:2.02:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:2.02:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.0:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.01:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.02:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.03:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.04:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.05:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.5:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.06:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.07:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.7:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.7:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.08:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.61:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.75:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.75:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.77:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:4.77:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.0:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.01:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.1:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.02:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:7.02:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:8.0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:8.0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:8.0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:8.0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:8.0.40:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:8.0.40:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:_navigator:*:*:*:*:*:*:*
cpe:2.3:a:netscape:navigator:_navigator:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

oval via4

accepted

2013-04-29T04:13:40.132-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:11382

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

accepted

2009-11-09T04:00:08.603-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Matthew Wojcik
organization The MITRE Corporation
name Matthew Wojcik
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Mike Lah
organization The MITRE Corporation

description

family

windows

oval:org.mitre.oval:def:1619

status

accepted

submitted

2006-01-07T07:15:00.000-04:00

title

Mozilla Firefox History File Buffer Overflow

version

redhat via4

advisories

rhsa
id RHSA-2006:0199
rhsa
id RHSA-2006:0200

rpms

firefox-0:1.0.7-1.4.3
firefox-debuginfo-0:1.0.7-1.4.3

refmap via4

bid	15773 16476
confirm	http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.mozilla.org/security/announce/mfsa2006-03.html
debian	DSA-1044 DSA-1046 DSA-1051
fedora	FEDORA-2006-075 FEDORA-2006-076 FLSA-2006:180036-2 FLSA:180036-1
fulldisc	20051208 Re: re: Firefox 1.5 buffer overflow (poc) 20051208 re: Firefox 1.5 buffer overflow (poc)
gentoo	GLSA-200604-12 GLSA-200604-18
hp	HPSBUX02122 SSRT061158
mandriva	MDKSA-2006:036 MDKSA-2006:037
misc	http://www.mozilla.org/security/history-title.html http://www.networksecurity.fi/advisories/netscape-history.html
osvdb	21533
sco	SCOSA-2006.26
sectrack	1015328
secunia	17934 17944 17946 18700 18704 18705 18706 18708 18709 19230 19746 19759 19852 19862 19863 19902 19941 21033 21622
sgi	20060201-01-U
sunalert	102550 228526
ubuntu	USN-271-1 USN-275-1
vupen	ADV-2005-2805 ADV-2006-0413 ADV-2006-3391

saint via4

bid	16476
description	Mozilla Firefox QueryInterface method memory corruption
id	web_client_firefox
osvdb	22893
title	firefox_queryinterface
type	client

Last major update

19-10-2018 - 15:40

Published

09-12-2005 - 15:03

Last modified

19-10-2018 - 15:40