HIGH
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=500644
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10977
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6347
Source: MITRE
Published: 2009-10-29
Updated: 2018-10-30
Type: NVD-CWE-Other
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
OR
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 1.5.0.10 (inclusive)
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89735 | VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0001) (remote check) | Nessus | VMware ESX Local Security Checks | critical |
| 67949 | Oracle Linux 3 / 4 : seamonkey (ELSA-2009-1531) | Nessus | Oracle Linux Local Security Checks | critical |
| 67948 | Oracle Linux 4 / 5 : firefox (ELSA-2009-1530) | Nessus | Oracle Linux Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 60683 | Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 49897 | SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6617) | Nessus | SuSE Local Security Checks | critical |
| 49887 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6609) | Nessus | SuSE Local Security Checks | critical |
| 48157 | Mandriva Linux Security Advisory : firefox (MDVSA-2009:294) | Nessus | Mandriva Local Security Checks | critical |
| 44787 | Debian DSA-1922-1 : xulrunner - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 43826 | VMSA-2010-0001 : ESX Service Console and vMA updates for nss and nspr | Nessus | VMware ESX Local Security Checks | critical |
| 42992 | Mandriva Linux Security Advisory : firefox (MDVSA-2009:290-1) | Nessus | Mandriva Local Security Checks | critical |
| 42474 | Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 regression (USN-853-2) | Nessus | Ubuntu Local Security Checks | critical |
| 42391 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-1499) | Nessus | SuSE Local Security Checks | critical |
| 42388 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-1499) | Nessus | SuSE Local Security Checks | critical |
| 42383 | Fedora 10 : Miro-2.0.5-5.fc10 / blam-1.8.5-15.fc10 / epiphany-2.24.3-11.fc10 / etc (2009-10981) | Nessus | Fedora Local Security Checks | critical |
| 42366 | SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6616) | Nessus | SuSE Local Security Checks | critical |
| 42365 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6606) | Nessus | SuSE Local Security Checks | critical |
| 42364 | SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 1493) | Nessus | SuSE Local Security Checks | critical |
| 42363 | SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 1488) | Nessus | SuSE Local Security Checks | critical |
| 42335 | Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1 vulnerabilities (USN-853-1) | Nessus | Ubuntu Local Security Checks | critical |
| 42307 | SeaMonkey < 2.0 Multiple Vulnerabilities | Nessus | Windows | high |
| 42306 | Firefox 3.5.x < 3.5.4 Multiple Vulnerabilities | Nessus | Windows | high |
| 42305 | Firefox < 3.0.15 Multiple Vulnerabilities | Nessus | Windows | high |
| 42298 | FreeBSD : mozilla -- multiple vulnerabilities (c87aa2d2-c3c4-11de-ab08-000f20797ede) | Nessus | FreeBSD Local Security Checks | critical |
| 42297 | Fedora 11 : Miro-2.5.2-5.fc11 / blam-1.8.5-15.fc11 / chmsee-1.0.1-12.fc11 / eclipse-3.4.2-17.fc11 / etc (2009-10878) | Nessus | Fedora Local Security Checks | critical |
| 42296 | CentOS 3 / 4 : seamonkey (CESA-2009:1531) | Nessus | CentOS Local Security Checks | critical |
| 42295 | CentOS 4 : firefox (CESA-2009:1530) | Nessus | CentOS Local Security Checks | critical |
| 801372 | Mozilla SeaMonkey < 2.0 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 801352 | Mozilla Firefox < 3.0.15 / 3.5.4 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 42288 | RHEL 3 / 4 : seamonkey (RHSA-2009:1531) | Nessus | Red Hat Local Security Checks | critical |
| 42287 | RHEL 4 / 5 : firefox (RHSA-2009:1530) | Nessus | Red Hat Local Security Checks | critical |
| 5219 | SeaMonkey < 2.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 5218 | Mozilla Firefox < 3.0.15 / 3.5.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |