CVE-2003-0791

High

7.5/10

Summary

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

References

Advisory Timeline

Published Oct 07, 2003

CVE-2003-0791

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS