CVE-2009-3372 : Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0,

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

Published 2009-10-29 14:30:01

Updated 2018-10-30 16:25:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2009-3372

Mozilla » Firefox » Version: 3.0.5
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.11
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.5.1
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.10
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.5.2
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.7
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.8
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.12
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.6
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.13
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.5.3
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.1
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.3
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.9
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.4
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.2
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0 Update Beta5
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions up to, including, (<=) 1.5.0.10
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.16
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.1
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.10
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Update Beta
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.4
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.9
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.5.0.8
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.3
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.2
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.14
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.15
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.5
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.5.0.9
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.9
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.13
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.17
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1 Update Alpha
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Update Alpha
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.7
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.6
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.6
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1 Update Beta
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.4
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.11
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.12
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.8
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.8
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.7
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-3372

EPSS FAQ

8.84%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-3372

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2009-3372

Jump to

Vulnerability Details : CVE-2009-3372

Products affected by CVE-2009-3372

Exploit prediction scoring system (EPSS) score for CVE-2009-3372

CVSS scores for CVE-2009-3372

References for CVE-2009-3372