Back to search
CVE-2009-2061
Published: Jun 15, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
35412
vdb-entry
x_refsource_BID
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
x_refsource_MISC
firefox-httpconnect-code-execution(51203)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now