CVE-2003-0791

critical

Description

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=221526

http://secunia.com/advisories/11103/

Details

Source: Mitre, NVD

Published: 2003-10-07

Updated: 2024-01-25

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics