Vulnerability Name:

CVE-2005-2114 (CCN-21188)

Assigned: 2005-06-28
Published: 2005-06-28
Updated: 2017-10-11
Summary: Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: Full-Disclosure Mailing List, Wed Jun 29 2005 - 02:52:47 CDT
Mozilla Multiple Product JavaScript Issue

Source: MITRE
Type: CNA
CVE-2005-2114

Source: BUGTRAQ
Type: UNKNOWN
20050629 Mozilla Multiple Product JavaScript Issue

Source: CCN
Type: KA Security Advisory 0506241
Mozilla Multiple Product JavaScript Issue

Source: CCN
Type: RHSA-2005-586
firefox security update

Source: CCN
Type: RHSA-2005-587
mozilla security update

Source: CCN
Type: SECTRACK ID: 1014292
Mozilla Camino Error in Processing Empty Javascript Functions Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1014292

Source: CCN
Type: SECTRACK ID: 1014293
Mozilla Browser Error in Processing Empty Javascript Functions Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1014293

Source: CCN
Type: SECTRACK ID: 1014294
Mozilla Firefox Error in Processing Empty Javascript Functions Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1014294

Source: CCN
Type: SECTRACK ID: 1014349
Netscape Error in Processing Empty Javascript Functions Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1014349

Source: CCN
Type: SECTRACK ID: 1014372
K-Meleon Error in Processing Empty Javascript Functions Lets Remote Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1014372

Source: MISC
Type: Exploit, Vendor Advisory
http://www.kurczaba.com/html/security/0506241.htm

Source: CCN
Type: Mozilla Web site
Mozilla

Source: CCN
Type: OSVDB ID: 17696
Mozilla Multiple Browser Empty Javascript Function Remote DoS

Source: CCN
Type: OSVDB ID: 79189
Netscape Empty Javascript Function Remote DoS

Source: CCN
Type: OSVDB ID: 79190
K-Meleon Empty Javascript Function Remote DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2005:586

Source: REDHAT
Type: UNKNOWN
RHSA-2005:587

Source: MISC
Type: UNKNOWN
http://www.securiteam.com/securitynews/5OP0U00G1G.html

Source: XF
Type: UNKNOWN
mozilla-mult-browsers-javascript-dos(21188)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9628

Vulnerable Configuration: Configuration 1:
  • cpe:/a:mozilla:camino:0.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:mozilla:mozilla:1.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mozilla:camino:0.8.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:9628 | V | Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function. | 2013-04-29
    oval:com.redhat.rhsa:def:20050587 | P | RHSA-2005:587: mozilla security update (Important) | 2005-07-22
    oval:com.redhat.rhsa:def:20050586 | P | RHSA-2005:586: firefox security update (Important) | 2005-07-21