CVE-2003-0791

CWE-502Deserialization of Untrusted Data3 documents3 sources
Severity
9.8CRITICAL
EPSS
1.1%
top 21.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla MozillaSCO Openserver
Timeline
PublishedOct 7
Latest updateApr 29

Description

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDsco/openserver5.0.7

Patches

Patch: www.osvdb.orgPatch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-8cc8-674c-8354: The Script2022-04-29
CVEList
CVE-2003-0791: The Script2005-04-14
CVE-2003-0791 (CRITICAL CVSS 9.8) | The Script.prototype.freeze/thaw fu | cvebase.io