ID OSVDB:11136 Type osvdb Reporter Michal Zalewski(lcamtuf@ghettot.org) Modified 2004-10-18T04:31:28
Description
Vulnerability Description
Mozilla Web Browser contains a flaw that may allow a remote denial of service. The issue is triggered when a user access a malicious web page containing TEXTAREA, INPUT, FRAMESET, or IMG tags followed by a NULL character and extra characters, and will result in loss of availability for the service.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
Mozilla Web Browser contains a flaw that may allow a remote denial of service. The issue is triggered when a user access a malicious web page containing TEXTAREA, INPUT, FRAMESET, or IMG tags followed by a NULL character and extra characters, and will result in loss of availability for the service.
{"edition": 1, "title": "Mozilla Multiple MARQUEE Tag HTML Parsing DoS", "bulletinFamily": "software", "published": "2004-10-18T04:31:28", "lastseen": "2017-04-28T13:20:06", "modified": "2004-10-18T04:31:28", "reporter": "Michal Zalewski(lcamtuf@ghettot.org)", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:11136", "description": "## Vulnerability Description\nMozilla Web Browser contains a flaw that may allow a remote denial of service. The issue is triggered when a user access a malicious web page containing TEXTAREA, INPUT, FRAMESET, or IMG tags followed by a NULL character and extra characters, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nMozilla Web Browser contains a flaw that may allow a remote denial of service. The issue is triggered when a user access a malicious web page containing TEXTAREA, INPUT, FRAMESET, or IMG tags followed by a NULL character and extra characters, and will result in loss of availability for the service.\n## References:\nVendor URL: http://www.mozilla.org/\nSecurity Tracker: 1011810\n[Related OSVDB ID: 11137](https://vulners.com/osvdb/OSVDB:11137)\n[Related OSVDB ID: 11138](https://vulners.com/osvdb/OSVDB:11138)\n[Related OSVDB ID: 11134](https://vulners.com/osvdb/OSVDB:11134)\n[Related OSVDB ID: 11135](https://vulners.com/osvdb/OSVDB:11135)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0658.html\nKeyword: mangleme\nISS X-Force ID: 17805\n[CVE-2004-1614](https://vulners.com/cve/CVE-2004-1614)\nBugtraq ID: 11440\n", "affectedSoftware": [{"name": "Mozilla Web Browser", "version": "1.4.2", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.2 Alpha", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.1 Alpha", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.3.1", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.2", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.7 rc3", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.0 rc1", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.3", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.4", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.7.1", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.7.2", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.7", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.4 a", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.6", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.2.1", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.0.1", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.2 Beta", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.4 b", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.0", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.0.2", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.0 RC2", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.8 Alpha 2", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.4.1", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.5", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.1", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.7.3", "operator": "eq"}, {"name": "Mozilla Web Browser", "version": "1.0 Beta", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": 5.1, "vector": "NONE", "modified": "2017-04-28T13:20:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-1614"]}], "modified": "2017-04-28T13:20:06", "rev": 2}, "vulnersScore": 5.1}, "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/", "score": 5.0}, "cvelist": ["CVE-2004-1614"], "id": "OSVDB:11136"}
{"cve": [{"lastseen": "2021-02-02T05:23:00", "description": "Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an \"unusual combination of visual elements,\" including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.", "edition": 4, "cvss3": {}, "published": "2004-10-18T04:00:00", "title": "CVE-2004-1614", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-1614"], "modified": "2016-10-18T02:57:00", "cpe": ["cpe:/a:mozilla:mozilla:1.7.1", "cpe:/a:mozilla:mozilla:1.5", "cpe:/a:mozilla:mozilla:1.0.1", "cpe:/a:mozilla:mozilla:1.3", "cpe:/a:mozilla:mozilla:1.3.1", "cpe:/a:mozilla:mozilla:1.8", "cpe:/a:mozilla:mozilla:1.6", "cpe:/a:mozilla:mozilla:1.0", "cpe:/a:mozilla:mozilla:1.7.2", "cpe:/a:mozilla:mozilla:1.2", "cpe:/a:mozilla:mozilla:1.2.1", "cpe:/a:mozilla:mozilla:1.4.1", "cpe:/a:mozilla:mozilla:1.0.2", "cpe:/a:mozilla:mozilla:1.4", "cpe:/a:mozilla:mozilla:1.1", "cpe:/a:mozilla:mozilla:1.7.3", "cpe:/a:mozilla:mozilla:1.7", "cpe:/a:mozilla:mozilla:1.4.2"], "id": "CVE-2004-1614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1614", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*"]}]}
