6.8

CVE-2009-1836

Exploit
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 3.0.10
MozillaFirefox Version0.1
MozillaFirefox Version0.2
MozillaFirefox Version0.3
MozillaFirefox Version0.4
MozillaFirefox Version0.5
MozillaFirefox Version0.6
MozillaFirefox Version0.6.1
MozillaFirefox Version0.7
MozillaFirefox Version0.7.1
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.9_rc
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0 Updatepreview_release
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.6 Editionlinux
MozillaFirefox Version1.0.7
MozillaFirefox Version1.0.8
MozillaFirefox Version1.4.1
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
MozillaFirefox Version1.5.0.7
MozillaFirefox Version1.5.0.8
MozillaFirefox Version1.5.0.9
MozillaFirefox Version1.5.0.10
MozillaFirefox Version1.5.0.11
MozillaFirefox Version1.5.0.12
MozillaFirefox Version1.5.1
MozillaFirefox Version1.5.2
MozillaFirefox Version1.5.3
MozillaFirefox Version1.5.4
MozillaFirefox Version1.5.5
MozillaFirefox Version1.5.6
MozillaFirefox Version1.5.7
MozillaFirefox Version1.5.8
MozillaFirefox Version1.8
MozillaFirefox Version2.0
MozillaFirefox Version2.0 Updatebeta_1
MozillaFirefox Version2.0 Updatebeta1
MozillaFirefox Version2.0 Updaterc2
MozillaFirefox Version2.0 Updaterc3
MozillaFirefox Version2.0.0.1
MozillaFirefox Version2.0.0.2
MozillaFirefox Version2.0.0.3
MozillaFirefox Version2.0.0.4
MozillaFirefox Version2.0.0.5
MozillaFirefox Version2.0.0.6
MozillaFirefox Version2.0.0.7
MozillaFirefox Version2.0.0.8
MozillaFirefox Version2.0.0.9
MozillaFirefox Version2.0.0.10
MozillaFirefox Version2.0.0.11
MozillaFirefox Version2.0.0.12
MozillaFirefox Version2.0.0.13
MozillaFirefox Version2.0.0.14
MozillaFirefox Version2.0.0.15
MozillaFirefox Version2.0.0.16
MozillaFirefox Version2.0.0.17
MozillaFirefox Version2.0.0.18
MozillaFirefox Version2.0.0.19
MozillaFirefox Version2.0.0.20
MozillaFirefox Version2.0.0.21
MozillaFirefox Version2.0_.1
MozillaFirefox Version2.0_.4
MozillaFirefox Version2.0_.5
MozillaFirefox Version2.0_.6
MozillaFirefox Version2.0_.7
MozillaFirefox Version2.0_.9
MozillaFirefox Version2.0_.10
MozillaFirefox Version2.0_8
MozillaFirefox Version3.0
MozillaFirefox Version3.0 Updatealpha
MozillaFirefox Version3.0 Updatebeta2
MozillaFirefox Version3.0 Updatebeta5
MozillaFirefox Version3.0.1
MozillaFirefox Version3.0.2
MozillaFirefox Version3.0.3
MozillaFirefox Version3.0.4
MozillaFirefox Version3.0.5
MozillaFirefox Version3.0.6
MozillaFirefox Version3.0.7
MozillaFirefox Version3.0.8
MozillaFirefox Version3.0.9
MozillaFirefox Version3.0beta5
MozillaSeamonkey Version <= 1.1.16
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0 Editionalpha
MozillaSeamonkey Version1.0 Editionbeta
MozillaSeamonkey Version1.0 Editiondev
MozillaSeamonkey Version1.0 Updatealpha
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.0.99
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1 Updatealpha
MozillaSeamonkey Version1.1 Updatebeta
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.3
MozillaSeamonkey Version1.1.5
MozillaSeamonkey Version1.1.5 Update1.1.10
MozillaSeamonkey Version1.1.6
MozillaSeamonkey Version1.1.7
MozillaSeamonkey Version1.1.8
MozillaSeamonkey Version1.1.9
MozillaSeamonkey Version1.1.10
MozillaSeamonkey Version1.1.11
MozillaSeamonkey Version1.1.12
MozillaSeamonkey Version1.1.13
MozillaSeamonkey Version1.1.15
MozillaThunderbird Version <= 2.0.0.19
MozillaThunderbird Version0.1
MozillaThunderbird Version0.2
MozillaThunderbird Version0.3
MozillaThunderbird Version0.4
MozillaThunderbird Version0.5
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.7.1
MozillaThunderbird Version0.7.2
MozillaThunderbird Version0.7.3
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.3
MozillaThunderbird Version1.0.4
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.5 Updatebeta
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.0.8
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5 Updatebeta2
MozillaThunderbird Version1.5.0.1
MozillaThunderbird Version1.5.0.2
MozillaThunderbird Version1.5.0.3
MozillaThunderbird Version1.5.0.4
MozillaThunderbird Version1.5.0.5
MozillaThunderbird Version1.5.0.6
MozillaThunderbird Version1.5.0.7
MozillaThunderbird Version1.5.0.8
MozillaThunderbird Version1.5.0.9
MozillaThunderbird Version1.5.0.10
MozillaThunderbird Version1.5.0.11
MozillaThunderbird Version1.5.0.12
MozillaThunderbird Version1.5.0.13
MozillaThunderbird Version1.5.0.14
MozillaThunderbird Version1.5.1
MozillaThunderbird Version1.5.2
MozillaThunderbird Version1.7.1
MozillaThunderbird Version1.7.3
MozillaThunderbird Version2.0.0.0
MozillaThunderbird Version2.0.0.1
MozillaThunderbird Version2.0.0.2
MozillaThunderbird Version2.0.0.3
MozillaThunderbird Version2.0.0.4
MozillaThunderbird Version2.0.0.5
MozillaThunderbird Version2.0.0.6
MozillaThunderbird Version2.0.0.7
MozillaThunderbird Version2.0.0.8
MozillaThunderbird Version2.0.0.9
MozillaThunderbird Version2.0.0.11
MozillaThunderbird Version2.0.0.12
MozillaThunderbird Version2.0.0.13
MozillaThunderbird Version2.0.0.14
MozillaThunderbird Version2.0.0.15
MozillaThunderbird Version2.0.0.16
MozillaThunderbird Version2.0.0.17
MozillaThunderbird Version2.0.0.18
MozillaThunderbird Version2.0_.4
MozillaThunderbird Version2.0_.5
MozillaThunderbird Version2.0_.6
MozillaThunderbird Version2.0_.9
MozillaThunderbird Version2.0_.12
MozillaThunderbird Version2.0_.13
MozillaThunderbird Version2.0_.14
MozillaThunderbird Version2.0_8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.03% 0.831
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.debian.org/security/2009/dsa-1830
http://secunia.com/advisories/35602
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://secunia.com/advisories/35536
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.ubuntu.com/usn/usn-782-1
http://secunia.com/advisories/35561
http://secunia.com/advisories/35882
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
http://secunia.com/advisories/35331
Vendor Advisory
http://secunia.com/advisories/35415
http://secunia.com/advisories/35431
Vendor Advisory
http://secunia.com/advisories/35439
Vendor Advisory
http://secunia.com/advisories/35440
Vendor Advisory
http://secunia.com/advisories/35468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://www.debian.org/security/2009/dsa-1820
http://www.securityfocus.com/bid/35326
http://www.vupen.com/english/advisories/2009/1572
Patch
Vendor Advisory
https://rhn.redhat.com/errata/RHSA-2009-1095.html
Patch
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
http://osvdb.org/55160
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
Vendor Advisory
http://www.securityfocus.com/bid/35380
http://www.securitytracker.com/id?1022396
https://bugzilla.mozilla.org/show_bug.cgi?id=479880
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=503578
Exploit
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11764