cbcvebase.
CVE-2005-4134
published 2005-12-09

CVE-2005-4134: Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed…

PriorityP426medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
12.59%
95.7th percentile
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

Affected

12 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 1.5.dfsg+1.5.0.2-2 (sid)firefox 1.5.dfsg+1.5.0.2-2 (sid)
k-meleon_projectk-meleon<= 0.9
k-meleon_projectk-meleon
k-meleon_projectk-meleon
k-meleon_projectk-meleon
k-meleon_projectk-meleon
k-meleon_projectk-meleon
mozillafirefox<= 1.5
mozillamozilla_suite<= 1.7.12
netscapenavigator<= 8.0.40
netscapenavigator
netscapenavigator

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.