CVE-2005-4720 - Denial Of Service vulnerability in Mozilla Firefox IFRAME Handling
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Summary
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | Mozilla Firefox 1.0.6/1.0.7 IFRAME Handling Denial Of Service Vulnerability. CVE-2005-4720. DoS exploits for multiple platforms |
id | EDB-ID:26325 |
last seen | 2016-02-03 |
modified | 2005-10-05 |
published | 2005-10-05 |
reporter | Tom Ferris |
source | https://www.exploit-db.com/download/26325/ |
title | Mozilla Firefox 1.0.6/1.0.7 IFRAME Handling Denial of Service Vulnerability |
References
- http://secunia.com/advisories/17071
- http://security-protocols.com/modules.php?name=News&file=article&sid=2978
- http://securitytracker.com/id?1015011
- http://www.securityfocus.com/bid/15015
- http://www.security-protocols.com/advisory/sp-x19-advisory.txt
- https://bugzilla.mozilla.org/show_bug.cgi?id=303433