Remote Code Execution (RCE)

2020-04-1000:38:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Mozilla Firefox is vulnerable to Remote Code Execution (RCE). A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox.

CPENameOperatorVersion
firefoxeq1.5.0.12__0.15.el4
firefoxeq3.0.1__1.el5
firefoxeq1.5.0.9__0.1.el4
firefoxeq1.5.0.5__0.el4.1
firefoxeq1.5.0.8__0.1.el4
firefoxeq1.5.0.12__0.7.el4
firefoxeq3.0.5__1.el5_2
firefoxeq1.5.0.12__0.10.el4
firefoxeq3.0.1__1.el4
firefoxeq1.5.0.7__0.1.el4

Name	Operator	Version
firefox	eq	1.5.0.12__0.15.el4
firefox	eq	3.0.1__1.el5
firefox	eq	1.5.0.9__0.1.el4
firefox	eq	1.5.0.5__0.el4.1
firefox	eq	1.5.0.8__0.1.el4
firefox	eq	1.5.0.12__0.7.el4
firefox	eq	3.0.5__1.el5_2
firefox	eq	1.5.0.12__0.10.el4
firefox	eq	3.0.1__1.el4
firefox	eq	1.5.0.7__0.1.el4