CVE-2005-2414

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=112199282029269&w=2
http://securitytracker.com/id?1014548
http://securitytracker.com/id?1014550
http://www.gulftech.org/?node=research&article_id=00091-07212005
https://exchange.xforce.ibmcloud.com/vulnerabilities/21472

Configurations

Configuration 1 (hide)

cpe:2.3:a:xpcom:xpcom:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-08-03 04:00

Updated : 2017-07-11 01:32

NVD link : CVE-2005-2414

Mitre link : CVE-2005-2414

CVE.ORG link : CVE-2005-2414

JSON object : View

Products Affected

xpcom

xpcom

CWE

NVD-CWE-Other

{"id": "CVE-2005-2414", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-08-03T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=112199282029269&w=2", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014548", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014550", "source": "cve@mitre.org"}, {"url": "http://www.gulftech.org/?node=research&article_id=00091-07212005", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21472", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted."}, {"lang": "es", "value": "Vulnerabilidad \"race condition\" en la librer\u00eda xpcom, usada por Firefox, Mozilla, Netscape y Galeon, permite que atacantes remotos causen una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un fichero HTML grande que carga una llamada DOM desde dentro de tags DIV anidados. Esto causa que partes de la p\u00e1gina y objetos referenciados sean borrados."}], "lastModified": "2017-07-11T01:32:49.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xpcom:xpcom:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B491A4A7-C60F-4E62-A877-B86BD03C56ED"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}