Published: 03/08/2005 Updated: 11/07/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote malicious users to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.

Affected Products

Vendor Product Versions


XPCOM Race Condition Vendor: Mozilla Product: XPCOM Version: Website: wwwmozillaorg/projects/xpcom/ CVE: CVE-2005-2414 OSVDB: 18226 PACKETSTORM: 38837 Description: xpcom, or cross platform component object model is a framework for writing cross-platform, modular software The xpcom library is used in many applications including a ma ...