CVE-2005-0592 [High] | Denial of Service in Firefox

Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	3.41%	3.86%	+0.45%
2	2025-03-30	6.92%	3.41%	-3.51%
3	2025-03-29	—	6.92%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

3.41%

3.86%

+0.45%

2025-03-30

6.92%

3.41%

-3.51%

2025-03-29

—

6.92%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	2.0	HIGH	`AV:N/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	10.0	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.5

2.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

6.4

[email protected]

OS Trackers for CVE-2005-0592

vendor	priority	summary	link
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2005-0592
`ubuntu`	medium	CVE-2005-0592 medium priority: Ubuntu including 2 source packages (mozilla, mozilla-thunderbird), 8 status rows across 4 suites (dapper, edgy, feisty, upstream): not-affected 3, needs-triage 2, released 2, DNE 1.	https://ubuntu.com/security/CVE-2005-0592

Affected software / configurations for CVE-2005-0592

Vendor	Product	Version	Raw CPE
mozilla	firefox	0.8	cpe:2.3:a:mozilla:firefox:0.8:::::::*
mozilla	firefox	0.9	cpe:2.3:a:mozilla:firefox:0.9:::::::*
mozilla	firefox	0.9	cpe:2.3:a:mozilla:firefox:0.9:rc::::::
mozilla	firefox	0.9.1	cpe:2.3:a:mozilla:firefox:0.9.1:::::::*
mozilla	firefox	0.9.2	cpe:2.3:a:mozilla:firefox:0.9.2:::::::*
mozilla	firefox	0.9.3	cpe:2.3:a:mozilla:firefox:0.9.3:::::::*
mozilla	firefox	0.10	cpe:2.3:a:mozilla:firefox:0.10:::::::*
mozilla	firefox	0.10.1	cpe:2.3:a:mozilla:firefox:0.10.1:::::::*
mozilla	firefox	1.0	cpe:2.3:a:mozilla:firefox:1.0:::::::*
mozilla	mozilla	1.3	cpe:2.3:a:mozilla:mozilla:1.3:::::::*
mozilla	mozilla	1.4	cpe:2.3:a:mozilla:mozilla:1.4:::::::*
mozilla	mozilla	1.4	cpe:2.3:a:mozilla:mozilla:1.4:alpha::::::
mozilla	mozilla	1.4.1	cpe:2.3:a:mozilla:mozilla:1.4.1:::::::*
mozilla	mozilla	1.5	cpe:2.3:a:mozilla:mozilla:1.5:::::::*
mozilla	mozilla	1.5	cpe:2.3:a:mozilla:mozilla:1.5:alpha::::::
mozilla	mozilla	1.5	cpe:2.3:a:mozilla:mozilla:1.5:rc1::::::
mozilla	mozilla	1.5	cpe:2.3:a:mozilla:mozilla:1.5:rc2::::::
mozilla	mozilla	1.5.1	cpe:2.3:a:mozilla:mozilla:1.5.1:::::::*
mozilla	mozilla	1.6	cpe:2.3:a:mozilla:mozilla:1.6:::::::*
mozilla	mozilla	1.6	cpe:2.3:a:mozilla:mozilla:1.6:alpha::::::
mozilla	mozilla	1.6	cpe:2.3:a:mozilla:mozilla:1.6:beta::::::
mozilla	mozilla	1.7	cpe:2.3:a:mozilla:mozilla:1.7:::::::*
mozilla	mozilla	1.7	cpe:2.3:a:mozilla:mozilla:1.7:alpha::::::
mozilla	mozilla	1.7	cpe:2.3:a:mozilla:mozilla:1.7:beta::::::
mozilla	mozilla	1.7	cpe:2.3:a:mozilla:mozilla:1.7:rc1::::::
mozilla	mozilla	1.7	cpe:2.3:a:mozilla:mozilla:1.7:rc2::::::
mozilla	mozilla	1.7	cpe:2.3:a:mozilla:mozilla:1.7:rc3::::::
mozilla	mozilla	1.7.1	cpe:2.3:a:mozilla:mozilla:1.7.1:::::::*
mozilla	mozilla	1.7.2	cpe:2.3:a:mozilla:mozilla:1.7.2:::::::*
mozilla	mozilla	1.7.3	cpe:2.3:a:mozilla:mozilla:1.7.3:::::::*
mozilla	mozilla	1.7.5	cpe:2.3:a:mozilla:mozilla:1.7.5:::::::*

References for CVE-2005-0592

URL	Tags
http://secunia.com/advisories/19823
http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml	Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml	Vendor Advisory
http://www.mozilla.org/security/announce/mfsa2005-15.html	Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.redhat.com/support/errata/RHSA-2005-176.html
http://www.securityfocus.com/bid/12659
https://bugzilla.mozilla.org/show_bug.cgi?id=241440	Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10606

URL

CVE-2005-0592

Exploit prediction scoring system (EPSS) score for CVE-2005-0592

Common vulnerability scoring system (CVSS) metrics for CVE-2005-0592

Weakness enumeration for CVE-2005-0592

OS Trackers for CVE-2005-0592

Affected software / configurations for CVE-2005-0592

References for CVE-2005-0592