The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
Metrics
Affected Vendors & Products
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-08T02:05:12.568Z
Reserved: 2003-09-17T00:00:00
Link: CVE-2003-0791

No data.

Status : Deferred
Published: 2003-10-07T04:00:00.000
Modified: 2025-04-03T01:03:51.193
Link: CVE-2003-0791

No data.

No data.