CVE-2005-2414

xpcom - Denial of Service via Nested DIV Tags

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2414. PoCs published by GulfTech Security.

AI-analyzed exploit summary: The writeup describes a race condition in XPCOM that can cause a browser crash via a malformed HTML document. It references a proof-of-concept link but does not include exploit code.

Description

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.

Exploits (1)

exploitdb WRITEUP
by GulfTech Security · text, webapps, php
https://www.exploit-db.com/exploits/43831


Classification: Writeup (90%)
Attack Type: DoS
Complexity: Moderate
Reliability: Racy
Target: Mozilla XPCOM (affecting Firefox, Netscape, Mozilla, Galeon, etc.)
Authentication: No auth needed
Prerequisites: Victim must visit a malformed HTML page
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=112199282029269&w=2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://securitytracker.com/id?1014548
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://securitytracker.com/id?1014550
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/21472

Scores

EPSS: 0.0339
EPSS Percentile: 87.2%

Details

Status: published
Products (1): xpcom/xpcom
Published: Aug 03, 2005
Tracked Since: Feb 18, 2026