CVE-2009-2061

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.0.10

Description The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context by modifying a 3xx HTTP CONNECT response to specify a 302 redirect to an arbitrary https web site. This occurs because Mozilla Firefox processes a 3xx HTTP CONNECT response before a successful SSL handshake.

Recommendations For versions prior to 3.0.10, update to version 3.0.10 or later to resolve the issue.