CVE-2009-1836
CVE-2009-1836
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/55160http://research.microsoft.com/apps/pubs/default.aspx?id=79323http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdfhttps://bugzilla.mozilla.org/show_bug.cgi?id=479880https://bugzilla.redhat.com/show_bug.cgi?id=503578http://secunia.com/advisories/35331http://secunia.com/advisories/35415http://secunia.com/advisories/35431http://secunia.com/advisories/35439http://secunia.com/advisories/35440http://secunia.com/advisories/35468http://secunia.com/advisories/35536