Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Fedora Core
  • Linux
  • Linux Advanced Workstation
Mozilla
  • Mozilla
Sgi
  • Propack

Configuration 1 [-]

OR cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*
cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*
cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
References
Link Resource
http://lcamtuf.coredump.cx/mangleme/gallery/ Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=109811406620511&w=2
http://securitytracker.com/id?1011810 Exploit Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html Patch Vendor Advisory
http://www.securityfocus.com/bid/11439 Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-20T05:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2005-02-20T00:00:00

Link: CVE-2004-1613

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2004-10-18T04:00:00.000

Modified: 2017-10-11T01:29:46.293

Link: CVE-2004-1613

JSON object: View

cve-icon Redhat Information

No data.

CWE