Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1613

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1613
Last Modified 21 Aug 2010 12:22:50
Published 18 Oct 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1613

Summary

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Fedora Core Core 1.0

  • Redhat Fedora Core Core 2.0

  • Redhat Linux 7.3

  • Redhat Linux 9.0

  • Redhat Linux Advanced Workstation 2.1

Application

  • Mozilla 1.0

  • Mozilla 1.0.1

  • Mozilla 1.0.2

  • Mozilla 1.1

  • Mozilla 1.2

  • Mozilla 1.2.1

  • Mozilla 1.3

  • Mozilla 1.3.1

  • Mozilla 1.4

  • Mozilla 1.4.1

  • Mozilla 1.4.2

  • Mozilla 1.4.4

  • Mozilla 1.5

  • Mozilla 1.6

  • Mozilla 1.7

  • Mozilla 1.7.1

  • Mozilla 1.7.2

  • Mozilla 1.7.3

  • Mozilla 1.8

  • Sgi Propack 3.0


References

BID - 11439

REDHAT - RHSA-2005:323

XF - mozilla-html-tags-dos(17805)

SECTRACK - 1011810

BUGTRAQ - 20041018 Web browsers - a mini-farce

MISC - http://lcamtuf.coredump.cx/mangleme/gallery/


Last Updated: 27 May 2016 10:39:06