Vulnerability Description
Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded ctrl-U.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Mozilla | All versions |
Related Weaknesses (CWE)
References
- http://bugzilla.mozilla.org/show_bug.cgi?id=243540Vendor Advisory
- http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16225
- http://bugzilla.mozilla.org/show_bug.cgi?id=243540Vendor Advisory
- http://lists.immunitysec.com/pipermail/dailydave/2004-May/000587.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16225
FAQ
What is CVE-2004-0478?
CVE-2004-0478 is a vulnerability with a CVSS score of 2.6 (LOW). Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as th...
How severe is CVE-2004-0478?
CVE-2004-0478 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0478?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Mozilla.