The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.01149
Percentile: 0.7757

CVSS Scoring

Mapped CWE(s)

• CWE-502 : Deserialization of Untrusted Data

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*
• cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*

← Back to Home