Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4134

14 documents8 sources
Severity
5.0MEDIUM
EPSS
27.7%
top 3.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
K-meleon Project K-meleonMozilla FirefoxMozilla Mozilla Suite+1 more
Timeline
PublishedDec 9
Latest updateMay 3

Description

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does no

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

NVDnetscape/navigator8.0.40+2

🔴Vulnerability Details

2
GHSA
GHSA-q5x9-vpfc-fjcq: Mozilla Firefox 12022-05-03
CVEList
CVE-2005-4134: Mozilla Firefox 12005-12-09

💥Exploits & PoCs

1
Exploit-DB
Mozilla Firefox 0.x/1.x - Large History File Buffer Overflow2005-12-08

📋Vendor Advisories

4
Ubuntu
Mozilla vulnerabilities2006-04-28
Ubuntu
Firefox vulnerabilities2006-04-20
Red Hat
security flaw2005-12-03
Debian
CVE-2005-4134: firefox - Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows r...2005

💬Community

6
Bugzilla
CVE-2005-4134 security flaw2018-08-16
Bugzilla
CVE-2005-4134, CVE-2006-0292, CVE-2006-0296 critical mozilla vulnerabilities2006-02-04
Bugzilla
CVE-2005-4134 Very long topic history.dat DoS2006-01-27
Bugzilla
CVE-2005-4134 Very long topic history.dat DoS2006-01-27
Bugzilla
CVE-2005-4134 Very long topic history.dat DoS2006-01-27