PT-2003-1880 · Mozilla · Mozilla Firefox
Brendan
+1
·
Published
2003-10-07
·
Updated
2024-01-25
·
CVE-2003-0791
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Mozilla versions 1.4 and earlier
Description:
The issue allows attackers to execute native methods by modifying the string used as input to the
script.thaw JavaScript function, which is then deserialized and executed. This is related to the Script.prototype.freeze/thaw functionality.Recommendations:
For Mozilla versions 1.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mozilla Firefox