CVE Vulnerabilities

CVE-2009-2065

Improper Authentication

Published: Jun 15, 2009 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https sites context, by modifying an http page to include an https iframe that references a script file on an http site, related to HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 3.0.9 (including)
Firefox Mozilla 0.1 (including) 0.1 (including)
Firefox Mozilla 0.2 (including) 0.2 (including)
Firefox Mozilla 0.3 (including) 0.3 (including)
Firefox Mozilla 0.4 (including) 0.4 (including)
Firefox Mozilla 0.5 (including) 0.5 (including)
Firefox Mozilla 0.6 (including) 0.6 (including)
Firefox Mozilla 0.6.1 (including) 0.6.1 (including)
Firefox Mozilla 0.7 (including) 0.7 (including)
Firefox Mozilla 0.7.1 (including) 0.7.1 (including)
Firefox Mozilla 0.8 (including) 0.8 (including)
Firefox Mozilla 0.9 (including) 0.9 (including)
Firefox Mozilla 0.9-rc (including) 0.9-rc (including)
Firefox Mozilla 0.9.1 (including) 0.9.1 (including)
Firefox Mozilla 0.9.2 (including) 0.9.2 (including)
Firefox Mozilla 0.9.3 (including) 0.9.3 (including)
Firefox Mozilla 0.9_rc (including) 0.9_rc (including)
Firefox Mozilla 0.10 (including) 0.10 (including)
Firefox Mozilla 0.10.1 (including) 0.10.1 (including)
Firefox Mozilla 1.0 (including) 1.0 (including)
Firefox Mozilla 1.0-preview_release (including) 1.0-preview_release (including)
Firefox Mozilla 1.0.1 (including) 1.0.1 (including)
Firefox Mozilla 1.0.2 (including) 1.0.2 (including)
Firefox Mozilla 1.0.3 (including) 1.0.3 (including)
Firefox Mozilla 1.0.4 (including) 1.0.4 (including)
Firefox Mozilla 1.0.5 (including) 1.0.5 (including)
Firefox Mozilla 1.0.6 (including) 1.0.6 (including)
Firefox Mozilla 1.0.7 (including) 1.0.7 (including)
Firefox Mozilla 1.0.8 (including) 1.0.8 (including)
Firefox Mozilla 1.4.1 (including) 1.4.1 (including)
Firefox Mozilla 1.5 (including) 1.5 (including)
Firefox Mozilla 1.5-beta1 (including) 1.5-beta1 (including)
Firefox Mozilla 1.5-beta2 (including) 1.5-beta2 (including)
Firefox Mozilla 1.5.0.1 (including) 1.5.0.1 (including)
Firefox Mozilla 1.5.0.2 (including) 1.5.0.2 (including)
Firefox Mozilla 1.5.0.3 (including) 1.5.0.3 (including)
Firefox Mozilla 1.5.0.4 (including) 1.5.0.4 (including)
Firefox Mozilla 1.5.0.5 (including) 1.5.0.5 (including)
Firefox Mozilla 1.5.0.6 (including) 1.5.0.6 (including)
Firefox Mozilla 1.5.0.7 (including) 1.5.0.7 (including)
Firefox Mozilla 1.5.0.8 (including) 1.5.0.8 (including)
Firefox Mozilla 1.5.0.9 (including) 1.5.0.9 (including)
Firefox Mozilla 1.5.0.10 (including) 1.5.0.10 (including)
Firefox Mozilla 1.5.0.11 (including) 1.5.0.11 (including)
Firefox Mozilla 1.5.0.12 (including) 1.5.0.12 (including)
Firefox Mozilla 1.5.1 (including) 1.5.1 (including)
Firefox Mozilla 1.5.2 (including) 1.5.2 (including)
Firefox Mozilla 1.5.3 (including) 1.5.3 (including)
Firefox Mozilla 1.5.4 (including) 1.5.4 (including)
Firefox Mozilla 1.5.6 (including) 1.5.6 (including)
Firefox Mozilla 1.5.7 (including) 1.5.7 (including)
Firefox Mozilla 1.5.8 (including) 1.5.8 (including)
Firefox Mozilla 1.8 (including) 1.8 (including)
Firefox Mozilla 2.0 (including) 2.0 (including)
Firefox Mozilla 2.0-beta_1 (including) 2.0-beta_1 (including)
Firefox Mozilla 2.0-beta1 (including) 2.0-beta1 (including)
Firefox Mozilla 2.0-rc3 (including) 2.0-rc3 (including)
Firefox Mozilla 2.0.0.3 (including) 2.0.0.3 (including)
Firefox Mozilla 2.0.0.5 (including) 2.0.0.5 (including)
Firefox Mozilla 2.0.0.7 (including) 2.0.0.7 (including)
Firefox Mozilla 2.0.0.8 (including) 2.0.0.8 (including)
Firefox Mozilla 2.0.0.9 (including) 2.0.0.9 (including)
Firefox Mozilla 2.0.0.10 (including) 2.0.0.10 (including)
Firefox Mozilla 2.0.0.11 (including) 2.0.0.11 (including)
Firefox Mozilla 2.0.0.13 (including) 2.0.0.13 (including)
Firefox Mozilla 2.0.0.14 (including) 2.0.0.14 (including)
Firefox Mozilla 2.0.0.16 (including) 2.0.0.16 (including)
Firefox Mozilla 2.0.0.17 (including) 2.0.0.17 (including)
Firefox Mozilla 2.0.0.18 (including) 2.0.0.18 (including)
Firefox Mozilla 2.0.0.19 (including) 2.0.0.19 (including)
Firefox Mozilla 2.0.0.20 (including) 2.0.0.20 (including)
Firefox Mozilla 2.0.0.21 (including) 2.0.0.21 (including)
Firefox Mozilla 2.0_.1 (including) 2.0_.1 (including)
Firefox Mozilla 2.0_.4 (including) 2.0_.4 (including)
Firefox Mozilla 2.0_.6 (including) 2.0_.6 (including)
Firefox Mozilla 2.0_.9 (including) 2.0_.9 (including)
Firefox Mozilla 2.0_.10 (including) 2.0_.10 (including)
Firefox Mozilla 2.0_8 (including) 2.0_8 (including)
Firefox Mozilla 3.0 (including) 3.0 (including)
Firefox Mozilla 3.0.2 (including) 3.0.2 (including)
Firefox Mozilla 3.0.3 (including) 3.0.3 (including)
Firefox Mozilla 3.0.4 (including) 3.0.4 (including)
Firefox Mozilla 3.0.5 (including) 3.0.5 (including)
Firefox Mozilla 3.0.6 (including) 3.0.6 (including)
Firefox Mozilla 3.0.7 (including) 3.0.7 (including)
Firefox Mozilla 3.0.10 (including) 3.0.10 (including)
Firefox Ubuntu dapper *
Firefox Ubuntu devel *
Firefox Ubuntu hardy *
Firefox Ubuntu lucid *
Firefox Ubuntu maverick *
Seamonkey Ubuntu devel *
Seamonkey Ubuntu hardy *
Seamonkey Ubuntu intrepid *
Seamonkey Ubuntu jaunty *
Seamonkey Ubuntu karmic *
Seamonkey Ubuntu lucid *
Seamonkey Ubuntu maverick *
Seamonkey Ubuntu upstream *
Xulrunner Ubuntu hardy *
Xulrunner Ubuntu intrepid *
Xulrunner Ubuntu jaunty *
Xulrunner Ubuntu karmic *
Xulrunner-1.9 Ubuntu hardy *
Xulrunner-1.9 Ubuntu intrepid *
Xulrunner-1.9 Ubuntu jaunty *
Xulrunner-1.9 Ubuntu upstream *
Xulrunner-1.9.1 Ubuntu jaunty *
Xulrunner-1.9.1 Ubuntu karmic *
Xulrunner-1.9.1 Ubuntu upstream *

Potential Mitigations

References