CVE-2005-4134
K-Meleon < 0.9 - Denial of Service via Large Web Page Title
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-4134. PoCs published by ZIPLOCK.
AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) condition in Mozilla Firefox 1.5 by overflowing the 'history.dat' file with an excessively large string. The PoC uses JavaScript to set a large document title, which Firefox logs, causing a crash on subsequent browser launches.
Description
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by ZIPLOCK · htmldosmultiple
https://www.exploit-db.com/exploits/26762
This exploit triggers a denial-of-service (DoS) condition in Mozilla Firefox 1.5 by overflowing the 'history.dat' file with an excessively large string. The PoC uses JavaScript to set a large document title, which Firefox logs, causing a crash on subsequent browser launches.
Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target:
Mozilla Firefox 1.5
No auth needed
Prerequisites:
User interaction (clicking a link) · Firefox 1.5 with history logging enabled
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (54)
Core 54
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/275-1/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19902
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21533
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17944
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/438730/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19941
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17946
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=113405896025702&w=2
Vendor Advisory vendor-advisory
x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21622
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19862
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19230
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18704
Various Sources x_refsource_misc
http://www.networksecurity.fi/advisories/netscape-history.html
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1051
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18709
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/271-1/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18705
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16476
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0413
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/mfsa2006-03.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015328
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19746
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21033
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18700
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19759
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0200.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18706
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17934
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15773
Vendor Advisory vendor-advisory
x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
Various Sources x_refsource_misc
http://www.mozilla.org/security/history-title.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0199.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19863
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_fedora
http://www.securityfocus.com/archive/1/425978/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
Various Sources vendor-advisory
x_refsource_sco
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18708
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2805
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_fedora
http://www.securityfocus.com/archive/1/425975/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=113404911919629&w=2
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19852
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3391
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1046
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1044
Scores
EPSS
0.1259
EPSS Percentile
95.7%
Details
Status
published
Products (11)
k-meleon_project/k-meleon
0.7
k-meleon_project/k-meleon
0.7_service_pack_1
k-meleon_project/k-meleon
0.8
k-meleon_project/k-meleon
0.8.1
k-meleon_project/k-meleon
0.8.2
k-meleon_project/k-meleon
< 0.9
mozilla/firefox
< 1.5
mozilla/mozilla_suite
< 1.7.12
netscape/navigator
7.1
netscape/navigator
7.2
... and 1 more
Published
Dec 09, 2005
Tracked Since
Feb 18, 2026