CVE-2005-4720
Published 2005-12-31
Priority P422 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 8.22% (94.2th percentile)
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 1.5.dfsg-1 (sid) | firefox 1.5.dfsg-1 (sid) |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_debian · 5.0 · MEDIUM
GHSA
GHSA-4677-48q7-5jfp: Mozilla Firefox 1
ghsa_unreviewed·2022-05-01
Debian
CVE-2005-4720: firefox - Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a de...
vendor_debian·2005·CVSS 5.0
Scope: local
sid: resolved (fixed in 1.5.dfsg-1)
No detection rules found.
No writeups or analysis indexed.
References
http://secunia.com/advisories/17071
http://security-protocols.com/modules.php?name=News&file=article&sid=2978
http://securitytracker.com/id?1015011
http://www.security-protocols.com/advisory/sp-x19-advisory.txt
http://www.securityfocus.com/bid/15015
https://bugzilla.mozilla.org/show_bug.cgi?id=303433