Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2003-0791 | First vendor Publication | 2003-10-07 |
Vendor | Cve | Last vendor Modification | 2024-01-25 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
impact SubScore | 5.9 | Temporal Score | 9.8 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0791 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-502 | Deserialization of Untrusted Data |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
8390 | Mozilla Browser Script.prototype.freeze/thaw Arbitrary Code Execution Mozilla Web Browser contains a flaw that may allow a malicious user to execute arbitrary code. The issue is caused by a flaw in JavaScript Script.freeze/thaw functionality, and could allow a very knowledgeable attacker to execute arbitrary code on the client system, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-021.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-01-25 09:27:53 |
|
2021-05-04 12:01:59 |
|
2021-04-22 01:02:15 |
|
2020-05-23 00:15:30 |
|
2016-06-28 15:02:33 |
|
2016-04-26 12:37:25 |
|
2014-02-17 10:26:35 |
|
2013-05-11 11:52:58 |
|