CVE-2005-4134

K-meleon < 0.9 - Buffer Overflow

Title source: rule

Description

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ZIPLOCK · htmldosmultiple
https://www.exploit-db.com/exploits/26762

Scores

EPSS 0.2769
EPSS Percentile 96.5%

Details

Status published
Products (11)
k-meleon_project/k-meleon 0.7
k-meleon_project/k-meleon 0.7_service_pack_1
k-meleon_project/k-meleon 0.8
k-meleon_project/k-meleon 0.8.1
k-meleon_project/k-meleon 0.8.2
k-meleon_project/k-meleon < 0.9
mozilla/firefox < 1.5
mozilla/mozilla_suite < 1.7.12
netscape/navigator 7.1
netscape/navigator 7.2
... and 1 more
Published Dec 09, 2005
Tracked Since Feb 18, 2026