CVE-2005-2414 - OpenCVE

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:H/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xpcom	Xpcom

Configuration 1 [-]

cpe:2.3:a:xpcom:xpcom:*:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=112199282029269&w=2
http://securitytracker.com/id?1014548
http://securitytracker.com/id?1014550
http://www.gulftech.org/?node=research&article_id=00091-07212005
https://exchange.xforce.ibmcloud.com/vulnerabilities/21472

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-03T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-08-03T00:00:00

Link: CVE-2005-2414

JSON object: View

NVD Information

Status : Modified

Published: 2005-08-03T04:00:00.000

Modified: 2017-07-11T01:32:49.673

Link: CVE-2005-2414

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-21T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050721 Mozilla XPCOM Library Race Condition", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112199282029269&w=2"}, {"name": "1014548", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014548"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gulftech.org/?node=research&article_id=00091-07212005"}, {"name": "1014550", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014550"}, {"name": "mozilla-xpcom-race-condition(21472)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21472"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2414", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050721 Mozilla XPCOM Library Race Condition", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112199282029269&w=2"}, {"name": "1014548", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014548"}, {"name": "http://www.gulftech.org/?node=research&article_id=00091-07212005", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research&article_id=00091-07212005"}, {"name": "1014550", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014550"}, {"name": "mozilla-xpcom-race-condition(21472)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21472"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2414", "datePublished": "2005-08-03T04:00:00", "dateReserved": "2005-08-03T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xpcom:xpcom:*:*:*:*:*:*:*:*", "matchCriteriaId": "B491A4A7-C60F-4E62-A877-B86BD03C56ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted."}, {"lang": "es", "value": "Vulnerabilidad \"race condition\" en la librer\u00eda xpcom, usada por Firefox, Mozilla, Netscape y Galeon, permite que atacantes remotos causen una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un fichero HTML grande que carga una llamada DOM desde dentro de tags DIV anidados. Esto causa que partes de la p\u00e1gina y objetos referenciados sean borrados."}], "id": "CVE-2005-2414", "lastModified": "2017-07-11T01:32:49.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-08-03T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112199282029269&w=2"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014548"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014550"}, {"source": "cve@mitre.org", "url": "http://www.gulftech.org/?node=research&article_id=00091-07212005"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21472"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}