CVE-2004-1613

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lcamtuf.coredump.cx/mangleme/gallery/	Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html	Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=109811406620511&w=2
http://securitytracker.com/id?1011810	Exploit Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/11439	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227
http://lcamtuf.coredump.cx/mangleme/gallery/	Exploit
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html	Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=109811406620511&w=2
http://securitytracker.com/id?1011810	Exploit Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-323.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/11439	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:mozilla:1.0:::::::*
	cpe:2.3:a:mozilla:mozilla:1.0:rc1::::::
	cpe:2.3:a:mozilla:mozilla:1.0:rc2::::::
	cpe:2.3:a:mozilla:mozilla:1.0.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.0.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.1:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.1:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.2:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.2:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.2.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.3.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4:alpha::::::
	cpe:2.3:a:mozilla:mozilla:1.4:beta::::::
	cpe:2.3:a:mozilla:mozilla:1.4.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.4.4:::::::*
	cpe:2.3:a:mozilla:mozilla:1.5:::::::*
	cpe:2.3:a:mozilla:mozilla:1.6:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
	cpe:2.3:a:mozilla:mozilla:1.7.3:::::::*
	cpe:2.3:a:mozilla:mozilla:1.8:alpha2::::::
	cpe:2.3:a:sgi:propack:3.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_servers:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*
	cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
	cpe:2.3:o:redhat:linux:7.3:::::::*
	cpe:2.3:o:redhat:linux:7.3::i386:::::
	cpe:2.3:o:redhat:linux:7.3::i686:::::
	cpe:2.3:o:redhat:linux:9.0::i386:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium:::::

History

20 Nov 2024, 23:51

Type	Values Removed	Values Added
References	~~() http://lcamtuf.coredump.cx/mangleme/gallery/ - Exploit~~	() http://lcamtuf.coredump.cx/mangleme/gallery/ - Exploit
References	~~() http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html - Exploit, Vendor Advisory~~	() http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html - Exploit, Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=109811406620511&w=2 -~~	() http://marc.info/?l=bugtraq&m=109811406620511&w=2 -
References	~~() http://securitytracker.com/id?1011810 - Exploit, Vendor Advisory~~	() http://securitytracker.com/id?1011810 - Exploit, Vendor Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2005-323.html - Patch, Vendor Advisory~~	() http://www.redhat.com/support/errata/RHSA-2005-323.html - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/11439 - Exploit, Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/11439 - Exploit, Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/17805 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/17805 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227 -

Information

Published : 2004-10-18 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1613

Mitre link : CVE-2004-1613

CVE.ORG link : CVE-2004-1613

JSON object : View

Products Affected

mozilla

mozilla

redhat

enterprise_linux
linux_advanced_workstation
linux
enterprise_linux_desktop
fedora_core

sgi

propack

CWE

NVD-CWE-Other

{"id": "CVE-2004-1613", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-10-18T04:00:00.000", "references": [{"url": "http://lcamtuf.coredump.cx/mangleme/gallery/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=109811406620511&w=2", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1011810", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-323.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11439", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227", "source": "cve@mitre.org"}, {"url": "http://lcamtuf.coredump.cx/mangleme/gallery/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=109811406620511&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1011810", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-323.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/11439", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17805", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10227", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8987151-0901-4547-B750-5DC470BB9CF7"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53E60BCC-6D1C-489E-9F3B-9BE42B46704F"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66A87ED8-9E1F-4C2C-B806-A41765081C9C"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C795D86F-9B08-41FE-B82B-5BBB3DE6357D"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2637D552-4A3D-4867-B52A-ACCED8681AF4"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CC237C8-CFE0-4128-B549-93CD16894E71"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "367A5D46-0FF3-4140-9478-251363822E9C"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8DE4889-424F-4A44-8C14-9F18821CE961"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1003D688-3EEA-45F9-BB2C-5BAB395D7678"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "098458D4-635B-4A4D-9472-39370094E1ED"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCEAEDEB-0EE7-4221-B9B8-65438580D331"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.7:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "150F1B28-0FAB-4880-B1D5-7F244A1C4D31"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FE7EA3B-3BF8-4696-9488-78506074D62D"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCFD7AF7-0FE9-4F56-98B0-60FC7F7F1B78"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C883B45F-D28D-428E-AAF7-F93522A229DC"}, {"criteria": "cpe:2.3:a:mozilla:mozilla:1.8:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10349BA5-70D3-4D11-94F6-A77D8570CB06"}, {"criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81B543F9-C209-46C2-B0AE-E14818A6992E"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB89C970-DE94-4E09-A90A-077DB83AD156"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473"}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C84296C-2C8A-4DCD-9751-52951F8BEA9F"}, {"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B"}, {"criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227"}, {"criteria": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B502A61-44FB-4CD4-85BE-88D4ACCCA441"}, {"criteria": "cpe:2.3:o:redhat:linux:7.3:*:i686:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05853955-CA81-40D3-9A70-1227F3270D3C"}, {"criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1"}, {"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10