Vulnerability Details CVE-2003-0791
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/11103/
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
- http://www.osvdb.org/8390
- http://www.securityfocus.com/advisories/6979
- http://www.securityfocus.com/bid/9322
- https://bugzilla.mozilla.org/show_bug.cgi?id=221526
- http://secunia.com/advisories/11103/
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
- http://www.osvdb.org/8390
- http://www.securityfocus.com/advisories/6979
- http://www.securityfocus.com/bid/9322
- https://bugzilla.mozilla.org/show_bug.cgi?id=221526
Products affected by CVE-2003-0791
-
cpe:2.3:a:mozilla:mozilla:-
-
cpe:2.3:a:mozilla:mozilla:0.8
-
cpe:2.3:a:mozilla:mozilla:0.9.2
-
cpe:2.3:a:mozilla:mozilla:0.9.2.1
-
cpe:2.3:a:mozilla:mozilla:0.9.3
-
cpe:2.3:a:mozilla:mozilla:0.9.35
-
cpe:2.3:a:mozilla:mozilla:0.9.4
-
cpe:2.3:a:mozilla:mozilla:0.9.4.1
-
cpe:2.3:a:mozilla:mozilla:0.9.48
-
cpe:2.3:a:mozilla:mozilla:0.9.5
-
cpe:2.3:a:mozilla:mozilla:0.9.6
-
cpe:2.3:a:mozilla:mozilla:0.9.7
-
cpe:2.3:a:mozilla:mozilla:0.9.8
-
cpe:2.3:a:mozilla:mozilla:0.9.9
-
cpe:2.3:a:mozilla:mozilla:1.0
-
cpe:2.3:a:mozilla:mozilla:1.0.1
-
cpe:2.3:a:mozilla:mozilla:1.0.2
-
cpe:2.3:a:mozilla:mozilla:1.1
-
cpe:2.3:a:mozilla:mozilla:1.2
-
cpe:2.3:a:mozilla:mozilla:1.2.1
-
cpe:2.3:a:mozilla:mozilla:1.3
-
cpe:2.3:a:mozilla:mozilla:1.3.1
-
cpe:2.3:a:mozilla:mozilla:1.4
-
cpe:2.3:o:sco:openserver:5.0.7