The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-04-14T04:00:00
Updated: 2024-08-08T02:05:12.568Z
Reserved: 2003-09-17T00:00:00
Link: CVE-2003-0791
Vulnrichment
No data.
NVD
Status : Modified
Published: 2003-10-07T04:00:00.000
Modified: 2024-11-20T23:45:32.070
Link: CVE-2003-0791
Redhat
No data.