MEDIUM · 5.0

CVE-2005-4134


Vulnerability Description

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
K-Meleon Project | K-Meleon | <= 0.9
Mozilla | Firefox | <= 1.5
Mozilla | Mozilla Suite | <= 1.7.12
Netscape | Navigator | <= 8.0.40

References

FAQ

What is CVE-2005-4134?

CVE-2005-4134 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a lar...

How severe is CVE-2005-4134?

CVE-2005-4134 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2005-4134?

Check the references section above for vendor advisories and patch information. Affected products include: K-Meleon Project K-Meleon, Mozilla Firefox, Mozilla Mozilla Suite, Netscape Navigator.