Mozilla » Thunderbird » 2.0.0.5 : Security Vulnerabilities, CVEs, Published In 2009 (Bypass)

cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

CVE-2009-1836

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Max CVSS
6.8
EPSS Score
1.12%
Published
2009-06-12
Updated
2018-10-30
1 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close