138004 – mozilla overflow in page with large title

Bug 138004 - mozilla overflow in page with large title

Summary: mozilla overflow in page with large title

Status:	RESOLVED WONTFIX

Alias:	None

Product:	SUSE LINUX 10.0
Classification:	openSUSE
Component:	Firefox (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-12-12 09:08 UTC by Marcus Meissner
Modified:	2005-12-22 07:27 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2005-12-12 09:08:04 UTC

CVE-2005-4134

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon up to 0.9 allow
s remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup.  NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox.

(feel free to close if this is your opinion too)

Comment 1 Robert O'Callahan 2005-12-12 22:03:05 UTC

I haven't looked at the bug myself, but I believe what Mozilla.org says.

Comment 2 Wolfgang Rosenauer 2005-12-22 07:27:48 UTC

http://www.mozilla.org/security/history-title.html

There are no plans to change it in FF 1.0.x but maybe in 1.5.0.x. We will get it automatically when ready.
WONTFIX is OK? Otherwise LATER would be an option.