CVE-2005-2414

NameCVE-2005-2414
DescriptionRace condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs327549, 327550

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
firefox (PTS)sid88.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
firefoxsource(unstable)1.5.dfsg-1unimportant
iceweaselsource(unstable)(not affected)
mozillasource(unstable)1.5.dfsg-1unimportant327550
mozilla-firefoxsource(unstable)1.5.dfsg-1unimportant327549

Notes

The turned out to be non-exploitable

Search for package or bug name: Reporting problems