Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0791

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0791
Last Modified 10 Sep 2008 03:20:29
Published 07 Oct 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0791

Summary

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

Vulnerable Systems

Operating System

  • Sco Openserver 5.0.7

Application

  • Mozilla 0.8

  • Mozilla 0.9.2

  • Mozilla 0.9.2.1

  • Mozilla 0.9.3

  • Mozilla 0.9.35

  • Mozilla 0.9.4

  • Mozilla 0.9.4.1

  • Mozilla 0.9.48

  • Mozilla 0.9.5

  • Mozilla 0.9.6

  • Mozilla 0.9.7

  • Mozilla 0.9.8

  • Mozilla 0.9.9

  • Mozilla 1.0

  • Mozilla 1.0.1

  • Mozilla 1.0.2

  • Mozilla 1.1

  • Mozilla 1.2

  • Mozilla 1.2.1

  • Mozilla 1.3

  • Mozilla 1.3.1

  • Mozilla 1.4


References

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=221526

BID - 9322

SCO - SCOSA-2004.8

OSVDB - 8390

SECUNIA - 11103

MANDRAKE - MDKSA-2004:021


Last Updated: 27 May 2016 10:38:03