Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR 64-bit

Download Firefox ESR 32-bit

Download a different build

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Download Firefox ESR
Firefox Privacy Notice
Get Mozilla VPN

Mozilla Foundation Security Advisory 2009-55

Crash in proxy auto-configuration regexp parsing

Announced
October 27, 2009
Reporter
Marco C.
Impact
Moderate
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 3.0.15
  • Firefox 3.5.4
  • SeaMonkey 2

Description

Security researcher Marco C. reported a flaw in the parsing of regular expressions used in Proxy Auto-configuration (PAC) files. In certain cases this flaw could be used by an attacker to crash a victim's browser and run arbitrary code on their computer. Since this vulnerability requires the victim to have PAC configured in their environment with specific regular expresssions which can trigger the crash, the severity of the issue was determined to be moderate.

Workaround

Disable JavaScript until a version containing these fixes can be installed.

References