CVE-2005-2414

Xpcom - Denial of Service

Title source: rule

Description

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43831

View Code ZIP pw:eip

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=112199282029269&w=2

[Various Sources] http://www.gulftech.org/?node=research&article_id=00091-07212005

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/21472

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1014548

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1014550

Scores

EPSS 0.0500

EPSS Percentile 89.5%

Classification

Status draft

Affected Products (1)

xpcom/xpcom

Timeline

Published Aug 03, 2005

Tracked Since Feb 18, 2026