Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2009-2061

Опубликовано: 15 июн. 2009
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 9.3

Описание

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

РелизСтатусПримечание
dapper

ignored

end of life
devel

not-affected

hardy

ignored

end of life
intrepid

DNE

jaunty

DNE

karmic

DNE

lucid

not-affected

maverick

not-affected

natty

not-affected

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

not-affected

hardy

ignored

end of life
intrepid

ignored

end of life, was needs-triage
jaunty

not-affected

karmic

not-affected

lucid

not-affected

maverick

not-affected

natty

not-affected

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

ignored

end of life
devel

not-affected

hardy

ignored

end of life
intrepid

ignored

end of life, was needs-triage
jaunty

not-affected

karmic

not-affected

lucid

not-affected

maverick

not-affected

natty

not-affected

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

not-affected

code does not exist
devel

not-affected

hardy

not-affected

code does not exist
intrepid

ignored

end of life, was needs-triage
jaunty

not-affected

karmic

not-affected

lucid

not-affected

maverick

not-affected

natty

not-affected

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

1.1.17+nobinonly-0ubuntu1
hardy

released

1.1.17+nobinonly-0ubuntu0.8.04.1
intrepid

released

1.1.17+nobinonly-0ubuntu0.8.10.1
jaunty

released

1.1.17+nobinonly-0ubuntu0.9.04.1
karmic

released

1.1.17+nobinonly-0ubuntu1
lucid

released

1.1.17+nobinonly-0ubuntu1
maverick

released

1.1.17+nobinonly-0ubuntu1
natty

released

1.1.17+nobinonly-0ubuntu1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

not-affected

hardy

ignored

end of life
intrepid

ignored

end of life, was needs-triage
jaunty

not-affected

karmic

not-affected

lucid

not-affected

maverick

not-affected

natty

not-affected

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

released

1.9.0.11+build2+nobinonly-0ubuntu0.8.04.1
intrepid

released

1.9.0.11+build2+nobinonly-0ubuntu0.8.10.2
jaunty

released

1.9.0.11+build2+nobinonly-0ubuntu0.9.04.1
karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

upstream

released

1.9.0.11

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

DNE

intrepid

DNE

jaunty

released

1.9.1+nobinonly-0ubuntu0.9.04.1
karmic

released

1.9.1~rc2+nobinonly-0ubuntu1
lucid

DNE

maverick

DNE

natty

DNE

upstream

released

1.9.1rc2

Показывать по

Ссылки на источники

EPSS

Процентиль: 56%
0.00338
Низкий

9.3 Critical

CVSS2

Связанные уязвимости

nvd логотип

CVE-2009-2061

nvd
больше 16 лет назад

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

debian логотип

CVE-2009-2061

debian
больше 16 лет назад

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response be ...

github логотип

GHSA-9v88-wfr2-2gxh

github
почти 4 года назад

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

EPSS

Процентиль: 56%
0.00338
Низкий

9.3 Critical

CVSS2

Уязвимость CVE-2009-2061