CVE-2009-3372

2009-10-2914:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2009-3372

mozilla firefox

seamonkey

code execution

crafted regular expression

nvd

9.4 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.082 Low

EPSS

Percentile

94.3%

JSON

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

CPENameOperatorVersion
mozilla:seamonkeymozilla seamonkeyeq1.1.10
mozilla:seamonkeymozilla seamonkeyeq1.0.3
mozilla:firefoxmozilla firefoxeq3.5.3
mozilla:seamonkeymozilla seamonkeyeq1.1.8
mozilla:firefoxmozilla firefoxeq3.0.7
mozilla:seamonkeymozilla seamonkeyeq1.0.1
mozilla:seamonkeymozilla seamonkeyeq1.1.7
mozilla:firefoxmozilla firefoxeq3.0.9
mozilla:seamonkeymozilla seamonkeyeq1.0.6
mozilla:seamonkeymozilla seamonkeyeq1.0.9

CPE	Name	Operator	Version
mozilla:seamonkey	mozilla seamonkey	eq	1.1.10
mozilla:seamonkey	mozilla seamonkey	eq	1.0.3
mozilla:firefox	mozilla firefox	eq	3.5.3
mozilla:seamonkey	mozilla seamonkey	eq	1.1.8
mozilla:firefox	mozilla firefox	eq	3.0.7
mozilla:seamonkey	mozilla seamonkey	eq	1.0.1
mozilla:seamonkey	mozilla seamonkey	eq	1.1.7
mozilla:firefox	mozilla firefox	eq	3.0.9
mozilla:seamonkey	mozilla seamonkey	eq	1.0.6
mozilla:seamonkey	mozilla seamonkey	eq	1.0.9