CVE-2003-0791

9.8 CRITICAL

Published: October 07, 2003 Modified: April 16, 2026

Description

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/11103/

Source: cve@mitre.org

URL Repurposed

http://www.mandriva.com/security/advisories?name=MDKSA-2004:021

Source: cve@mitre.org

Broken Link

http://www.osvdb.org/8390

Source: cve@mitre.org

Broken Link Patch Vendor Advisory

http://www.securityfocus.com/advisories/6979

Source: cve@mitre.org

Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory

http://www.securityfocus.com/bid/9322

Source: cve@mitre.org

Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=221526

Source: cve@mitre.org

Issue Tracking Patch Vendor Advisory

http://secunia.com/advisories/11103/