Jonathan Morgan

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.16 Mozilla Firefox versions 3.5.x prior to 3.5.6 SeaMonkey versions prior to 2.0.1 **Description** The issue allows remote attackers to spoof an SSL indicator for an http URL or a file URL. This is achieved by setting `document.location` to an https URL corresponding to a site that responds with a No Content status code and an empty body. **Recommendations** For Mozilla Firefox versions prior to 3.0.16, update to version 3.0.16 or later. For Mozilla Firefox versions 3.5.x prior to 3.5.6, update to version 3.5.6 or later. For SeaMonkey versions prior to 2.0.1, update to version 2.0.1 or later.