Design/Logic Flaw

2009-06-1519:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

29.8%

JSON

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site’s context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

CPENameOperatorVersion
firefoxeq0.1
firefoxeq0.9.0-rc
firefoxeq0.8
firefoxeq2.0.0.12
firefoxeq1.5 beta2
firefoxeq3.0.7
firefoxeq1.5.2
firefoxle3.0.9
firefoxeq1.5.0.6
firefoxeq1.5.0.10

Name	Operator	Version
firefox	eq	0.1
firefox	eq	0.9.0-rc
firefox	eq	0.8
firefox	eq	2.0.0.12
firefox	eq	1.5 beta2
firefox	eq	3.0.7
firefox	eq	1.5.2
firefox	le	3.0.9
firefox	eq	1.5.0.6
firefox	eq	1.5.0.10