Vulnerability Description
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Mozilla | <= 1.4 |
| Sco | Openserver | 5.0.7 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/11103/URL Repurposed
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:021Broken Link
- http://www.osvdb.org/8390Broken LinkPatchVendor Advisory
- http://www.securityfocus.com/advisories/6979Broken LinkPatchThird Party Advisory
- http://www.securityfocus.com/bid/9322Broken LinkPatchThird Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=221526Issue TrackingPatchVendor Advisory
- http://secunia.com/advisories/11103/URL Repurposed
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:021Broken Link
- http://www.osvdb.org/8390Broken LinkPatchVendor Advisory
- http://www.securityfocus.com/advisories/6979Broken LinkPatchThird Party Advisory
- http://www.securityfocus.com/bid/9322Broken LinkPatchThird Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=221526Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2003-0791?
CVE-2003-0791 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which...
How severe is CVE-2003-0791?
CVE-2003-0791 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2003-0791?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Mozilla, Sco Openserver.