CVE-2005-4720 - OpenCVE

Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:1.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:1.0.7:::::::*

References

Link	Resource
http://secunia.com/advisories/17071	Patch Vendor Advisory
http://security-protocols.com/modules.php?name=News&file=article&sid=2978	Exploit Vendor Advisory
http://securitytracker.com/id?1015011	Exploit
http://www.security-protocols.com/advisory/sp-x19-advisory.txt	Exploit Vendor Advisory
http://www.securityfocus.com/bid/15015	Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=303433

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:22:45

Updated: 2022-10-03T16:22:45

Reserved: 2022-10-03T00:00:00

Link: CVE-2005-4720

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-12-31T05:00:00.000

Modified: 2008-09-05T20:57:37.970

Link: CVE-2005-4720

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:22:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1015011", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015011"}, {"name": "15015", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15015"}, {"tags": ["x_refsource_MISC"], "url": "http://www.security-protocols.com/advisory/sp-x19-advisory.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=303433"}, {"name": "17071", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17071"}, {"tags": ["x_refsource_MISC"], "url": "http://security-protocols.com/modules.php?name=News&file=article&sid=2978"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4720", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1015011", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015011"}, {"name": "15015", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15015"}, {"name": "http://www.security-protocols.com/advisory/sp-x19-advisory.txt", "refsource": "MISC", "url": "http://www.security-protocols.com/advisory/sp-x19-advisory.txt"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=303433", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=303433"}, {"name": "17071", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17071"}, {"name": "http://security-protocols.com/modules.php?name=News&file=article&sid=2978", "refsource": "MISC", "url": "http://security-protocols.com/modules.php?name=News&file=article&sid=2978"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4720", "datePublished": "2022-10-03T16:22:45", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:22:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack."}], "id": "CVE-2005-4720", "lastModified": "2008-09-05T20:57:37.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/17071"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://security-protocols.com/modules.php?name=News&file=article&sid=2978"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1015011"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.security-protocols.com/advisory/sp-x19-advisory.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/15015"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=303433"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}