Vulnerability Name: CVE-2004-1613 (CCN-17805) Assigned: 2004-10-18 Published: 2004-10-18 Updated: 2017-10-11 Summary: Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-Other Vulnerability Consequences: Denial of Service References: Source: CCNWeb browsers - a mini-farce CVE-2004-1613 CVE-2004-1614 http://lcamtuf.coredump.cx/mangleme/gallery/ 20041018 Web browsers - a mini-farce 20041018 Web browsers - a mini-farce mozilla security update Mozilla HTML Parsing Errors Let Remote Users Deny Service 1011810 Mozilla Security Update Mozilla Multiple MARQUEE Tag HTML Parsing DoS RHSA-2005:323 11439 Mozilla Multiple Memory Corruption Vulnerabilities Mozilla Invalid Pointer Dereference Vulnerability Crashes found with Zalewski's mangleme (Bugtraq: "browsers, a mini-farce") mozilla-html-tags-dos(17805) mozilla-html-tags-dos(17805) oval:org.mitre.oval:def:10227 Vulnerable Configuration: Configuration 1 :cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:* OR cpe:/a:sgi:propack:3.0:*:*:*:*:*:*:* Configuration 2 :cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* OR cpe:/o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:* OR cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:i386:*:*:*:*:* OR cpe:/o:redhat:linux:7.3:*:i686:*:*:*:*:* OR cpe:/o:redhat:linux:9.0:*:i386:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:* Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.6:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.10:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.12:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.1:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.2:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.4:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.6:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.11:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.4:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.7:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7.9:*:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:alpha:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:beta:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.7:rc2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.8:alpha1:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.8:alpha3:*:*:*:*:*:* OR cpe:/a:mozilla:mozilla:1.8:alpha4:*:*:*:*:*:* AND cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:* OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:* Oval Definitions Definition ID Class Title Last Modified oval:org.mitre.oval:def:10227 V Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. 2013-04-29 oval:com.redhat.rhsa:def:20050323 P RHSA-2005:323: mozilla security update (Critical) 2005-03-23
BACK
mozilla mozilla 1.0
mozilla mozilla 1.0 rc1
mozilla mozilla 1.0 rc2
mozilla mozilla 1.0.1
mozilla mozilla 1.0.2
mozilla mozilla 1.1
mozilla mozilla 1.1 alpha
mozilla mozilla 1.1 beta
mozilla mozilla 1.2
mozilla mozilla 1.2 alpha
mozilla mozilla 1.2 beta
mozilla mozilla 1.2.1
mozilla mozilla 1.3
mozilla mozilla 1.3.1
mozilla mozilla 1.4
mozilla mozilla 1.4 alpha
mozilla mozilla 1.4 beta
mozilla mozilla 1.4.1
mozilla mozilla 1.4.2
mozilla mozilla 1.4.4
mozilla mozilla 1.5
mozilla mozilla 1.6
mozilla mozilla 1.7
mozilla mozilla 1.7 rc3
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3
mozilla mozilla 1.8 alpha2
sgi propack 3.0
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3.0
redhat enterprise linux 3.0
redhat enterprise linux 3.0
redhat enterprise linux desktop 3.0
redhat fedora core core_1.0
redhat fedora core core_2.0
redhat linux 7.3
redhat linux 7.3
redhat linux 7.3
redhat linux 9.0
redhat linux advanced workstation 2.1
mozilla mozilla 1.0 rc1
mozilla mozilla 1.0
mozilla mozilla 1.0.1
mozilla mozilla 1.1
mozilla mozilla 1.2.1
mozilla mozilla 1.3
mozilla mozilla 1.4
mozilla mozilla 1.3.1
mozilla mozilla 1.6
mozilla mozilla 1.7 rc3
mozilla mozilla 1.7
mozilla mozilla 1.7.1
mozilla mozilla 1.7.2
mozilla mozilla 1.7.3
mozilla mozilla 1.7.5
mozilla mozilla 1.7.6
mozilla mozilla 1.7.8
mozilla mozilla 1.7.10
mozilla mozilla 1.7.12
mozilla mozilla 1.0.2
mozilla mozilla 1.1 alpha
mozilla mozilla 1.1 beta
mozilla mozilla 1.2
mozilla mozilla 1.2 alpha
mozilla mozilla 1.2 beta
mozilla mozilla 1.4.1
mozilla mozilla 1.4.2
mozilla mozilla 1.4.4
mozilla mozilla 1.4 alpha
mozilla mozilla 1.4 beta
mozilla mozilla 1.5
mozilla mozilla 1.5.1
mozilla mozilla 1.5 alpha
mozilla mozilla 1.5 rc1
mozilla mozilla 1.5 rc2
mozilla mozilla 1.6 alpha
mozilla mozilla 1.6 beta
mozilla mozilla 1.7.11
mozilla mozilla 1.7.4
mozilla mozilla 1.7.7
mozilla mozilla 1.7.9
mozilla mozilla 1.7 alpha
mozilla mozilla 1.7 beta
mozilla mozilla 1.7 rc1
mozilla mozilla 1.7 rc2
mozilla mozilla 1.8 alpha1
mozilla mozilla 1.8 alpha2
mozilla mozilla 1.8 alpha3
mozilla mozilla 1.8 alpha4
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 2.1
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat enterprise linux 3
redhat linux advanced workstation 2.1
Denotes that component is vulnerable