CVE-2003-0791

moderate-risk
Published 2003-10-07

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

Do I need to act?

~
1.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Mozilla
Openserver

Affected Vendors

Mozilla Sco

References (12)

URL Repurposed http://secunia.com/advisories/11103/
Broken Link http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
Broken Link http://www.osvdb.org/8390
Broken Link http://www.securityfocus.com/advisories/6979
Broken Link http://www.securityfocus.com/bid/9322
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=221526
URL Repurposed http://secunia.com/advisories/11103/
Broken Link http://www.mandriva.com/security/advisories?name=MDKSA-2004:021
Broken Link http://www.osvdb.org/8390
Broken Link http://www.securityfocus.com/advisories/6979
Broken Link http://www.securityfocus.com/bid/9322
Issue Tracking https://bugzilla.mozilla.org/show_bug.cgi?id=221526
42
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 3/34 · Minimal
Exposure 7/34 · Low