9.7 High
AI Score
Confidence
High
0.012 Low
EPSS
Percentile
85.1%
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
secunia.com/advisories/11103/
www.mandriva.com/security/advisories?name=MDKSA-2004:021
www.osvdb.org/8390
www.securityfocus.com/advisories/6979
www.securityfocus.com/bid/9322
bugzilla.mozilla.org/show_bug.cgi?id=221526