Deserialization in Mozilla
CVE-2003-0791
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
Vulnerability class: Insecure Deserialization
EPSS: 0.021 (79.5th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Mozilla
- SCO OpenServer — version 5.0.7
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2003-0791?
- CVE-2003-0791 is a critical-severity vulnerability in Mozilla, classified under Deserialization of Untrusted Data. CVSS score: 9.8/10. Published 2003-10-07.
- How severe is CVE-2003-0791?
- Critical severity. CVSS v3 base score is 9.8 out of 10.