CVE-2005-4134

Summary

CVE	CVE-2005-4134
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-12-09 15:03:00 UTC
Updated	2025-04-03 01:03:51 UTC
Description	Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem Types: NVD-CWE-Other | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	K-meleon Project	K-meleon	0.7	All	All	All
Application	K-meleon Project	K-meleon	0.7_service_pack_1	All	All	All
Application	K-meleon Project	K-meleon	0.8	All	All	All
Application	K-meleon Project	K-meleon	0.8.1	All	All	All
Application	K-meleon Project	K-meleon	0.8.2	All	All	All
Application	K-meleon Project	K-meleon	All	All	All	All
Application	Mozilla	Firefox	All	All	All	All
Application	Mozilla	Mozilla Suite	All	All	All	All
Application	Netscape	Navigator	7.1	All	All	All
Application	Netscape	Navigator	7.2	All	All	All
Application	Netscape	Navigator	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
Ubuntu update for mozilla - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Debian update for mozilla-thunderbird - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Sun Solaris update for mozilla - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Debian -- Security Information -- DSA-1051-1 mozilla-thunderbird	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Gentoo Linux Documentation -- Mozilla Suite: Multiple vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.gentoo.org
Secunia - Advisories - Mozilla Suite History Information Denial of Service Weakness	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
This domain name is registered with Netim	af854a3a-2127-422b-91ae-364da2661108	www.networksecurity.fi
ASA-2006-205 (SUN 102502, 102513, 102514, 102519, 102550, 102556, 102557, 102582, 102588, 102589, 102593)	af854a3a-2127-422b-91ae-364da2661108	support.avaya.com
sunsolve.sun.com/search/document.do	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
MFSA 2006-03: Long document title causes startup denial of Service	af854a3a-2127-422b-91ae-364da2661108	www.mozilla.org
Debian -- Security Information -- DSA-1044-1 mozilla-firefox	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
Red Hat update for firefox - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Secunia - Advisories - Fedora update for mozilla	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
'Re: [Full-disclosure] re: Firefox 1.5 buffer overflow (poc)' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
patches.sgi.com/support/free/security/advisories/20060201-01-U	af854a3a-2127-422b-91ae-364da2661108	patches.sgi.com
Red Hat update for mozilla - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Gentoo update for mozilla - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
[SECURITY] Fedora Core 4 Update: firefox-1.0.7-1.2.fc4	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Advisories - Mandriva Linux	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Debian update for mozilla - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Ubuntu update for firefox - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt	af854a3a-2127-422b-91ae-364da2661108	ftp.sco.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Gentoo update for mozilla-firefox / mozilla-firefox-bin - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
'[Full-disclosure] re: Firefox 1.5 buffer overflow (poc)' - MARC	af854a3a-2127-422b-91ae-364da2661108	marc.info
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Advisories - Mandriva Linux	af854a3a-2127-422b-91ae-364da2661108	www.mandriva.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Secunia - Advisories - Fedora update for firefox	af854a3a-2127-422b-91ae-364da2661108	secunia.com
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
USN-275-1: Mozilla vulnerabilities \| Ubuntu security notices	af854a3a-2127-422b-91ae-364da2661108	usn.ubuntu.com
Gentoo Linux Documentation -- Mozilla Firefox: Multiple vulnerabilities	af854a3a-2127-422b-91ae-364da2661108	www.gentoo.org
Webmail - OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
SecurityTracker.com Archives - Mozilla Firefox Buffer Overflow in Loading 'history.dat' Lets Remote Users Deny Service	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
www.osvdb.org/21533	af854a3a-2127-422b-91ae-364da2661108	www.osvdb.org
Debian -- Security Information -- DSA-1046-1 mozilla	af854a3a-2127-422b-91ae-364da2661108	www.debian.org
rhn.redhat.com \| Red Hat Support	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Long-title temporary startup unresponsiveness	af854a3a-2127-422b-91ae-364da2661108	www.mozilla.org
Thunderbird Multiple Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
[SECURITY] Fedora Core 4 Update: mozilla-1.7.12-1.5.2	af854a3a-2127-422b-91ae-364da2661108	www.redhat.com
Mozilla Firefox Large History File Buffer Overflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Secunia - Advisories - Mozilla Firefox History Information Denial of Service Weakness	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
UnixWare update for mozilla - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
#102550: Multiple Security Vulnerabilites in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux	af854a3a-2127-422b-91ae-364da2661108	sunsolve.sun.com
Secunia - Advisories - Netscape History Information Denial of Service Weakness	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
Debian update for mozilla-firefox - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Firefox Multiple Vulnerabilities - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
USN-271-1: Firefox vulnerabilities \| Ubuntu security notices	af854a3a-2127-422b-91ae-364da2661108	usn.ubuntu.com
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
Repository / Oval Repository	af854a3a-2127-422b-91ae-364da2661108	oval.cisecurity.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.