Back to search
CVE-2009-2065
Published: Jun 15, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
firefox-https-security-bypass(51189)
vdb-entry
x_refsource_XF
35403
vdb-entry
x_refsource_BID
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now