CVE-2005-4134

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

Affected Software

Name	Vendor	Start Version	End Version
K-meleon	K-meleon_project	*	0.9 (including)
K-meleon	K-meleon_project	0.7 (including)	0.7 (including)
K-meleon	K-meleon_project	0.7_service_pack_1 (including)	0.7_service_pack_1 (including)
K-meleon	K-meleon_project	0.8 (including)	0.8 (including)
K-meleon	K-meleon_project	0.8.1 (including)	0.8.1 (including)
K-meleon	K-meleon_project	0.8.2 (including)	0.8.2 (including)
Firefox	Mozilla	*	1.5 (including)
Mozilla_suite	Mozilla	*	1.7.12 (including)
Navigator	Netscape	*	8.0.40 (including)
Navigator	Netscape	7.1 (including)	7.1 (including)
Navigator	Netscape	7.2 (including)	7.2 (including)
Red Hat Enterprise Linux 4	RedHat	firefox-0:1.0.7-1.4.3	*
Firefox	Ubuntu	dapper	*
Firefox	Ubuntu	edgy	*
Firefox	Ubuntu	feisty	*
Firefox-granparadiso	Ubuntu	devel	*
Lightning-sunbird	Ubuntu	devel	*
Midbrowser	Ubuntu	devel	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4134
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References