CVE-2005-2414 - OpenCVE

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:H/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xpcom	Xpcom

Configuration 1 [-]

cpe:2.3:a:xpcom:xpcom:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112199282029269&w=2
http://securitytracker.com/id?1014548
http://securitytracker.com/id?1014550
http://www.gulftech.org/?node=research&article_id=00091-07212005
https://exchange.xforce.ibmcloud.com/vulnerabilities/21472

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-03T04:00:00

Updated: 2024-08-07T22:22:49.248Z

Reserved: 2005-08-03T00:00:00

Link: CVE-2005-2414

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-08-03T04:00:00.000

Modified: 2017-07-11T01:32:49.673

Link: CVE-2005-2414

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-21T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050721 Mozilla XPCOM Library Race Condition", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112199282029269&w=2"}, {"name": "1014548", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014548"}, {"tags": ["x_refsource_MISC"], "url": "http://www.gulftech.org/?node=research&article_id=00091-07212005"}, {"name": "1014550", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014550"}, {"name": "mozilla-xpcom-race-condition(21472)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21472"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2414", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050721 Mozilla XPCOM Library Race Condition", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112199282029269&w=2"}, {"name": "1014548", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014548"}, {"name": "http://www.gulftech.org/?node=research&article_id=00091-07212005", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research&article_id=00091-07212005"}, {"name": "1014550", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014550"}, {"name": "mozilla-xpcom-race-condition(21472)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21472"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:22:49.248Z"}, "title": "CVE Program Container", "references": [{"name": "20050721 Mozilla XPCOM Library Race Condition", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112199282029269&w=2"}, {"name": "1014548", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014548"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.gulftech.org/?node=research&article_id=00091-07212005"}, {"name": "1014550", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014550"}, {"name": "mozilla-xpcom-race-condition(21472)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21472"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2414", "datePublished": "2005-08-03T04:00:00", "dateReserved": "2005-08-03T00:00:00", "dateUpdated": "2024-08-07T22:22:49.248Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xpcom:xpcom:*:*:*:*:*:*:*:*", "matchCriteriaId": "B491A4A7-C60F-4E62-A877-B86BD03C56ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted."}, {"lang": "es", "value": "Vulnerabilidad \"race condition\" en la librer\u00eda xpcom, usada por Firefox, Mozilla, Netscape y Galeon, permite que atacantes remotos causen una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante un fichero HTML grande que carga una llamada DOM desde dentro de tags DIV anidados. Esto causa que partes de la p\u00e1gina y objetos referenciados sean borrados."}], "id": "CVE-2005-2414", "lastModified": "2017-07-11T01:32:49.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-08-03T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112199282029269&w=2"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014548"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014550"}, {"source": "cve@mitre.org", "url": "http://www.gulftech.org/?node=research&article_id=00091-07212005"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21472"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}