CVE-2003-0791
9.8
CVSS Score
Critical
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Link copied!
Description
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Software Configurations
- a mozilla mozilla * * * * * * * *
- o sco openserver 5.0.7 * * * * * * *
Weaknesses (CWE)
- CWE-502
References & External Links
- http://secunia.com/advisories/11103/
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
- http://www.osvdb.org/8390
- http://www.securityfocus.com/advisories/6979
- http://www.securityfocus.com/bid/9322
- https://bugzilla.mozilla.org/show_bug.cgi?id=221526
- http://secunia.com/advisories/11103/
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
- http://www.osvdb.org/8390
- http://www.securityfocus.com/advisories/6979
- http://www.securityfocus.com/bid/9322
- https://bugzilla.mozilla.org/show_bug.cgi?id=221526
External Resources
CVE History Timeline
May 24, 2005 21:50
Initial Analysis
Jan 25, 2024 02:14
Reanalysis
May 14, 2024 01:24
CVE Modified
Nov 20, 2024 23:45
CVE Modified