Crash in proxy auto-configuration regexp parsing

2009-10-27T00:00:00
ID MFSA2009-55
Type mozilla
Reporter Mozilla Foundation
Modified 2009-10-27T00:00:00

Description

Security researcher Marco C. reported a flaw in the parsing of regular expressions used in Proxy Auto-configuration (PAC) files. In certain cases this flaw could be used by an attacker to crash a victim's browser and run arbitrary code on their computer. Since this vulnerability requires the victim to have PAC configured in their environment with specific regular expresssions which can trigger the crash, the severity of the issue was determined to be moderate.