Vulnerability Report

CVE-2005-4134

Title: Mozilla Firefox Memory Corruption

Memory Corruption

Proof Of Concept

PoC Available for CVE-2005-4134

CWE Category NVD-CWE-noinfo

Published Date Dec 09, 2005

Modified Date Apr 03, 2025

Exploit Status Available

Score 5.0 CVSS v2.0

Exploit Probability (EPSS)

27.69%

Vulnerability Summary

CVE-2005-4134: Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

Impacted Vendors

netscape 1

mozilla 2

k-meleon_project 1

christophe_thibault 1

cloudera 1

Reference Links

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://marc.info/?l=full-disclosure&m=113404911919629&w=2 http://marc.info/?l=full-disclosure&m=113405896025702&w=2 http://secunia.com/advisories/17934 http://secunia.com/advisories/17944 http://secunia.com/advisories/17946 http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/18705 http://secunia.com/advisories/18706 http://secunia.com/advisories/18708 http://secunia.com/advisories/18709 http://secunia.com/advisories/19230 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http://secunia.com/advisories/19852 http://secunia.com/advisories/19862 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http://secunia.com/advisories/19941 http://secunia.com/advisories/21033 http://secunia.com/advisories/21622 http://securitytracker.com/id?1015328 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.debian.org/security/2006/dsa-1044 http://www.debian.org/security/2006/dsa-1046 http://www.debian.org/security/2006/dsa-1051 http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 http://www.mozilla.org/security/announce/mfsa2006-03.html http://www.mozilla.org/security/history-title.html http://www.networksecurity.fi/advisories/netscape-history.html http://www.osvdb.org/21533 http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html http://www.redhat.com/support/errata/RHSA-2006-0199.html http://www.redhat.com/support/errata/RHSA-2006-0200.html http://www.securityfocus.com/archive/1/425975/100/0/threaded http://www.securityfocus.com/archive/1/425978/100/0/threaded http://www.securityfocus.com/archive/1/438730/100/0/threaded http://www.securityfocus.com/bid/15773 http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2005/2805 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619 https://usn.ubuntu.com/271-1/ https://usn.ubuntu.com/275-1/ ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://marc.info/?l=full-disclosure&m=113404911919629&w=2 http://marc.info/?l=full-disclosure&m=113405896025702&w=2 http://secunia.com/advisories/17934 http://secunia.com/advisories/17944 http://secunia.com/advisories/17946 http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/18705 http://secunia.com/advisories/18706 http://secunia.com/advisories/18708 http://secunia.com/advisories/18709 http://secunia.com/advisories/19230 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http://secunia.com/advisories/19852 http://secunia.com/advisories/19862 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http://secunia.com/advisories/19941 http://secunia.com/advisories/21033 http://secunia.com/advisories/21622 http://securitytracker.com/id?1015328 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.debian.org/security/2006/dsa-1044 http://www.debian.org/security/2006/dsa-1046 http://www.debian.org/security/2006/dsa-1051 http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 http://www.mozilla.org/security/announce/mfsa2006-03.html http://www.mozilla.org/security/history-title.html http://www.networksecurity.fi/advisories/netscape-history.html http://www.osvdb.org/21533 http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html http://www.redhat.com/support/errata/RHSA-2006-0199.html http://www.redhat.com/support/errata/RHSA-2006-0200.html http://www.securityfocus.com/archive/1/425975/100/0/threaded http://www.securityfocus.com/archive/1/425978/100/0/threaded http://www.securityfocus.com/archive/1/438730/100/0/threaded http://www.securityfocus.com/bid/15773 http://www.securityfocus.com/bid/16476 http://www.vupen.com/english/advisories/2005/2805 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619 https://usn.ubuntu.com/271-1/ https://usn.ubuntu.com/275-1/

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

5.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:N/I:N/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2005-4134 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/26762

View Code

April 03, 2025 MODIFIED

Vulnerability data or affected products updated.

December 09, 2005 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected Stack

No specific products linked.