Ming Zhang

**Name of the Vulnerable Software and Affected Versions** Apple Safari (affected versions not specified) **Description** The issue allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server. This is possible because Apple Safari does not require a cached certificate before displaying a lock icon for an https web site. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions prior to 8 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script by modifying the CONNECT response from a proxy server. This is achieved by using the HTTP Host header to determine the context of a document provided in a 4xx or 5xx CONNECT response. **Recommendations** For versions prior to 8, update to version 8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 3.2.2 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script by modifying the CONNECT response from a proxy server. This is achieved by using the HTTP Host header to determine the context of a document provided in a 4xx or 5xx CONNECT response. **Recommendations** For versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.25 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script by modifying the CONNECT response from a proxy server. This is achieved by using the HTTP Host header to determine the context of a document provided in a 4xx or 5xx CONNECT response. **Recommendations** For Opera versions prior to 9.25, update to version 9.25 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.10 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context by modifying a 3xx HTTP CONNECT response to specify a 302 redirect to an arbitrary https web site. This occurs because Mozilla Firefox processes a 3xx HTTP CONNECT response before a successful SSL handshake. **Recommendations** For versions prior to 3.0.10, update to version 3.0.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 3.2.2 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This is achieved by modifying a 3xx HTTP CONNECT response to specify a 302 redirect to an arbitrary https web site, before a successful SSL handshake. **Recommendations** For Apple Safari versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.25 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This is achieved by modifying a 3xx HTTP CONNECT response to specify a 302 redirect to an arbitrary https web site, before a successful SSL handshake. **Recommendations** For Opera versions prior to 9.25, update to version 9.25 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 8 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This is achieved by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." **Recommendations** For Microsoft Internet Explorer version 8, consider disabling the ability to load http content in https web pages as a temporary workaround until a patch is available. Restrict access to http sites that can be used to include malicious script files in iframes to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox version 3.0.10 **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This can be achieved by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." The problem occurs because Mozilla Firefox detects http content in https web pages only when the top-level frame uses https. **Recommendations** For Mozilla Firefox version 3.0.10, update to a version that includes a fix for this issue to prevent man-in-the-middle attackers from executing arbitrary web script.

**Name of the Vulnerable Software and Affected Versions** Apple Safari (affected versions not specified) **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This is possible by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Opera (affected versions not specified) **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This is possible by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome (affected versions not specified) **Description** The issue allows man-in-the-middle attackers to execute arbitrary web script in an https site's context. This is possible by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions prior to 8 **Description** The issue allows man-in-the-middle attackers to spoof an arbitrary https site. This is done by letting a browser obtain a valid certificate from the site during one request and then sending the browser a crafted 502 response page upon a subsequent request. The attackers can exploit this by displaying a cached certificate for a 4xx or 5xx CONNECT response page returned by a proxy server. **Recommendations** For Microsoft Internet Explorer versions prior to 8, update to version 8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera (affected versions not specified) **Description** The issue allows man-in-the-middle attackers to spoof an arbitrary https site. This is done by letting a browser obtain a valid certificate from the site during one request and then sending the browser a crafted 502 response page upon a subsequent request. The attackers can exploit this by displaying a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 3.0.11 Thunderbird versions prior to 2.0.0.22 SeaMonkey versions prior to 1.1.17 Description: The issue allows man-in-the-middle attackers to execute arbitrary web script by modifying a non-200 CONNECT response from a proxy server. This is achieved by using the HTTP Host header to determine the context of a document. Recommendations: For Mozilla Firefox versions prior to 3.0.11, update to version 3.0.11 or later. For Thunderbird versions prior to 2.0.0.22, update to version 2.0.0.22 or later. For SeaMonkey versions prior to 1.1.17, update to version 1.1.17 or later.