CVE-2003-0791

CVE Database · CVE-2003-0791

CVE-2003-0791

· CRITICALModified

CVSS v3.1

9.8

EPSS

2.13%

Published

Oct 7, 2003

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502

Affected Products (2)

mozilla · mozillavulnerable

sco · openservervulnerable

References (12)

http://secunia.com/advisories/11103/

URL Repurposed

http://www.mandriva.com/security/advisories?name=MDKSA-2004:021

Broken Link

http://www.osvdb.org/8390

Broken LinkPatchVendor Advisory

http://www.securityfocus.com/advisories/6979

Broken LinkPatchThird Party Advisory

http://www.securityfocus.com/bid/9322

Broken LinkPatchThird Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=221526

KEV Catalog EPSS Scores Vendors All CVEs