CVE-2003-0791

2005-04-1404:00:00

mitre

www.cve.org

9.7 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.1%

JSON

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

References

secunia.com/advisories/11103/

www.mandriva.com/security/advisories?name=MDKSA-2004:021

www.osvdb.org/8390

www.securityfocus.com/advisories/6979

www.securityfocus.com/bid/9322

bugzilla.mozilla.org/show_bug.cgi?id=221526