CVE-2009-2065

Name of the Vulnerable Software and Affected Versions Mozilla Firefox version 3.0.10

Description The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This can be achieved by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." The problem occurs because Mozilla Firefox detects http content in https web pages only when the top-level frame uses https.

Recommendations For Mozilla Firefox version 3.0.10, update to a version that includes a fix for this issue to prevent man-in-the-middle attackers from executing arbitrary web script.