CVE-2005-4134 — Vulnetix

Try Vulnetix Request Demo

CVE-2005-4134 PUBLISHED CVSS 5 MEDIUM

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

EPSS 27.69% · 96.4th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

27.69%

96.4th percentile

Affected Products

Vendor	Product	Versions
netscape	navigator	7.1, 7.2, 0
mozilla	firefox	0
k-meleon_project	k-meleon	0.8, 0.8.1, 0.8.2
mozilla	mozilla_suite	0
n/a	n/a	*

Timeline

Dec 9, 2005 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 3, 2022 CVE Updated
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

MDKSA-2006:036 vendor-advisory
USN-275-1 vendor-advisory
19902 third-party-advisory
21533 vdb
MDKSA-2006:037 vendor-advisory
17944 third-party-advisory
HPSBUX02122 vendor-advisory
19941 third-party-advisory
17946 third-party-advisory
20051208 Re: re: Firefox 1.5 buffer overflow (poc) mailing-list
FEDORA-2006-075 vendor-advisory
GLSA-200604-12 vendor-advisory
21622 third-party-advisory
19862 third-party-advisory
19230 third-party-advisory
18704 third-party-advisory
http://www.networksecurity.fi/advisories/netscape-history.html url
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm url
DSA-1051 vendor-advisory
18709 third-party-advisory

…and 37 more

Open in Interactive Console →