Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https sites context, by modifying an http page to include an https iframe that references a script file on an http site, related to HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 3.0.9 (including) |
| Firefox | Mozilla | 0.1 (including) | 0.1 (including) |
| Firefox | Mozilla | 0.2 (including) | 0.2 (including) |
| Firefox | Mozilla | 0.3 (including) | 0.3 (including) |
| Firefox | Mozilla | 0.4 (including) | 0.4 (including) |
| Firefox | Mozilla | 0.5 (including) | 0.5 (including) |
| Firefox | Mozilla | 0.6 (including) | 0.6 (including) |
| Firefox | Mozilla | 0.6.1 (including) | 0.6.1 (including) |
| Firefox | Mozilla | 0.7 (including) | 0.7 (including) |
| Firefox | Mozilla | 0.7.1 (including) | 0.7.1 (including) |
| Firefox | Mozilla | 0.8 (including) | 0.8 (including) |
| Firefox | Mozilla | 0.9 (including) | 0.9 (including) |
| Firefox | Mozilla | 0.9-rc (including) | 0.9-rc (including) |
| Firefox | Mozilla | 0.9.1 (including) | 0.9.1 (including) |
| Firefox | Mozilla | 0.9.2 (including) | 0.9.2 (including) |
| Firefox | Mozilla | 0.9.3 (including) | 0.9.3 (including) |
| Firefox | Mozilla | 0.9_rc (including) | 0.9_rc (including) |
| Firefox | Mozilla | 0.10 (including) | 0.10 (including) |
| Firefox | Mozilla | 0.10.1 (including) | 0.10.1 (including) |
| Firefox | Mozilla | 1.0 (including) | 1.0 (including) |
| Firefox | Mozilla | 1.0-preview_release (including) | 1.0-preview_release (including) |
| Firefox | Mozilla | 1.0.1 (including) | 1.0.1 (including) |
| Firefox | Mozilla | 1.0.2 (including) | 1.0.2 (including) |
| Firefox | Mozilla | 1.0.3 (including) | 1.0.3 (including) |
| Firefox | Mozilla | 1.0.4 (including) | 1.0.4 (including) |
| Firefox | Mozilla | 1.0.5 (including) | 1.0.5 (including) |
| Firefox | Mozilla | 1.0.6 (including) | 1.0.6 (including) |
| Firefox | Mozilla | 1.0.7 (including) | 1.0.7 (including) |
| Firefox | Mozilla | 1.0.8 (including) | 1.0.8 (including) |
| Firefox | Mozilla | 1.4.1 (including) | 1.4.1 (including) |
| Firefox | Mozilla | 1.5 (including) | 1.5 (including) |
| Firefox | Mozilla | 1.5-beta1 (including) | 1.5-beta1 (including) |
| Firefox | Mozilla | 1.5-beta2 (including) | 1.5-beta2 (including) |
| Firefox | Mozilla | 1.5.0.1 (including) | 1.5.0.1 (including) |
| Firefox | Mozilla | 1.5.0.2 (including) | 1.5.0.2 (including) |
| Firefox | Mozilla | 1.5.0.3 (including) | 1.5.0.3 (including) |
| Firefox | Mozilla | 1.5.0.4 (including) | 1.5.0.4 (including) |
| Firefox | Mozilla | 1.5.0.5 (including) | 1.5.0.5 (including) |
| Firefox | Mozilla | 1.5.0.6 (including) | 1.5.0.6 (including) |
| Firefox | Mozilla | 1.5.0.7 (including) | 1.5.0.7 (including) |
| Firefox | Mozilla | 1.5.0.8 (including) | 1.5.0.8 (including) |
| Firefox | Mozilla | 1.5.0.9 (including) | 1.5.0.9 (including) |
| Firefox | Mozilla | 1.5.0.10 (including) | 1.5.0.10 (including) |
| Firefox | Mozilla | 1.5.0.11 (including) | 1.5.0.11 (including) |
| Firefox | Mozilla | 1.5.0.12 (including) | 1.5.0.12 (including) |
| Firefox | Mozilla | 1.5.1 (including) | 1.5.1 (including) |
| Firefox | Mozilla | 1.5.2 (including) | 1.5.2 (including) |
| Firefox | Mozilla | 1.5.3 (including) | 1.5.3 (including) |
| Firefox | Mozilla | 1.5.4 (including) | 1.5.4 (including) |
| Firefox | Mozilla | 1.5.6 (including) | 1.5.6 (including) |
| Firefox | Mozilla | 1.5.7 (including) | 1.5.7 (including) |
| Firefox | Mozilla | 1.5.8 (including) | 1.5.8 (including) |
| Firefox | Mozilla | 1.8 (including) | 1.8 (including) |
| Firefox | Mozilla | 2.0 (including) | 2.0 (including) |
| Firefox | Mozilla | 2.0-beta_1 (including) | 2.0-beta_1 (including) |
| Firefox | Mozilla | 2.0-beta1 (including) | 2.0-beta1 (including) |
| Firefox | Mozilla | 2.0-rc3 (including) | 2.0-rc3 (including) |
| Firefox | Mozilla | 2.0.0.3 (including) | 2.0.0.3 (including) |
| Firefox | Mozilla | 2.0.0.5 (including) | 2.0.0.5 (including) |
| Firefox | Mozilla | 2.0.0.7 (including) | 2.0.0.7 (including) |
| Firefox | Mozilla | 2.0.0.8 (including) | 2.0.0.8 (including) |
| Firefox | Mozilla | 2.0.0.9 (including) | 2.0.0.9 (including) |
| Firefox | Mozilla | 2.0.0.10 (including) | 2.0.0.10 (including) |
| Firefox | Mozilla | 2.0.0.11 (including) | 2.0.0.11 (including) |
| Firefox | Mozilla | 2.0.0.13 (including) | 2.0.0.13 (including) |
| Firefox | Mozilla | 2.0.0.14 (including) | 2.0.0.14 (including) |
| Firefox | Mozilla | 2.0.0.16 (including) | 2.0.0.16 (including) |
| Firefox | Mozilla | 2.0.0.17 (including) | 2.0.0.17 (including) |
| Firefox | Mozilla | 2.0.0.18 (including) | 2.0.0.18 (including) |
| Firefox | Mozilla | 2.0.0.19 (including) | 2.0.0.19 (including) |
| Firefox | Mozilla | 2.0.0.20 (including) | 2.0.0.20 (including) |
| Firefox | Mozilla | 2.0.0.21 (including) | 2.0.0.21 (including) |
| Firefox | Mozilla | 2.0_.1 (including) | 2.0_.1 (including) |
| Firefox | Mozilla | 2.0_.4 (including) | 2.0_.4 (including) |
| Firefox | Mozilla | 2.0_.6 (including) | 2.0_.6 (including) |
| Firefox | Mozilla | 2.0_.9 (including) | 2.0_.9 (including) |
| Firefox | Mozilla | 2.0_.10 (including) | 2.0_.10 (including) |
| Firefox | Mozilla | 2.0_8 (including) | 2.0_8 (including) |
| Firefox | Mozilla | 3.0 (including) | 3.0 (including) |
| Firefox | Mozilla | 3.0.2 (including) | 3.0.2 (including) |
| Firefox | Mozilla | 3.0.3 (including) | 3.0.3 (including) |
| Firefox | Mozilla | 3.0.4 (including) | 3.0.4 (including) |
| Firefox | Mozilla | 3.0.5 (including) | 3.0.5 (including) |
| Firefox | Mozilla | 3.0.6 (including) | 3.0.6 (including) |
| Firefox | Mozilla | 3.0.7 (including) | 3.0.7 (including) |
| Firefox | Mozilla | 3.0.10 (including) | 3.0.10 (including) |
| Firefox | Ubuntu | dapper | * |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | hardy | * |
| Firefox | Ubuntu | lucid | * |
| Firefox | Ubuntu | maverick | * |
| Seamonkey | Ubuntu | devel | * |
| Seamonkey | Ubuntu | hardy | * |
| Seamonkey | Ubuntu | intrepid | * |
| Seamonkey | Ubuntu | jaunty | * |
| Seamonkey | Ubuntu | karmic | * |
| Seamonkey | Ubuntu | lucid | * |
| Seamonkey | Ubuntu | maverick | * |
| Seamonkey | Ubuntu | upstream | * |
| Xulrunner | Ubuntu | hardy | * |
| Xulrunner | Ubuntu | intrepid | * |
| Xulrunner | Ubuntu | jaunty | * |
| Xulrunner | Ubuntu | karmic | * |
| Xulrunner-1.9 | Ubuntu | hardy | * |
| Xulrunner-1.9 | Ubuntu | intrepid | * |
| Xulrunner-1.9 | Ubuntu | jaunty | * |
| Xulrunner-1.9 | Ubuntu | upstream | * |
| Xulrunner-1.9.1 | Ubuntu | jaunty | * |
| Xulrunner-1.9.1 | Ubuntu | karmic | * |
| Xulrunner-1.9.1 | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- http://research.microsoft.com/apps/pubs/default.aspx?id=79323
- http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
- http://www.securityfocus.com/bid/35403
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51189
- http://research.microsoft.com/apps/pubs/default.aspx?id=79323
- http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
- http://www.securityfocus.com/bid/35403
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51189