Bug 138004

Summary: mozilla overflow in page with large title
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Marcus Meissner <meissner>
Component: FirefoxAssignee: E-mail List <bnc-team-mozilla>
Status: RESOLVED WONTFIX QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2005-12-12 09:08:04 UTC 
CVE-2005-4134

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon up to 0.9 allow
s remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.  NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox.

(feel free to close if this is your opinion too)
Comment 1 Robert O'Callahan 2005-12-12 22:03:05 UTC 
I haven't looked at the bug myself, but I believe what Mozilla.org says.
Comment 2 Wolfgang Rosenauer 2005-12-22 07:27:48 UTC 
http://www.mozilla.org/security/history-title.html

There are no plans to change it in FF 1.0.x but maybe in 1.5.0.x. We will get it automatically when ready.
WONTFIX is OK? Otherwise LATER would be an option.