CVE-2009-2065 : Detail

CVE-2009-2065

Authorization problems
A07-Identif. and Authent. Fail
0.17%V3
Network
2009-06-15
17h00 +00:00
2017-08-16
12h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Metrics

Metrics Score Severity CVSS Vector Source
V2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Mozilla>>Firefox >> Version To (including) 3.0.9

Mozilla>>Firefox >> Version 0.1

Mozilla>>Firefox >> Version 0.2

Mozilla>>Firefox >> Version 0.3

Mozilla>>Firefox >> Version 0.4

Mozilla>>Firefox >> Version 0.5

Mozilla>>Firefox >> Version 0.6

Mozilla>>Firefox >> Version 0.6.1

Mozilla>>Firefox >> Version 0.7

Mozilla>>Firefox >> Version 0.7.1

Mozilla>>Firefox >> Version 0.8

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9

Mozilla>>Firefox >> Version 0.9.1

Mozilla>>Firefox >> Version 0.9.2

Mozilla>>Firefox >> Version 0.9.3

Mozilla>>Firefox >> Version 0.9_rc

    Mozilla>>Firefox >> Version 0.10

    Mozilla>>Firefox >> Version 0.10.1

    Mozilla>>Firefox >> Version 1.0

    Mozilla>>Firefox >> Version 1.0

    Mozilla>>Firefox >> Version 1.0.1

    Mozilla>>Firefox >> Version 1.0.2

    Mozilla>>Firefox >> Version 1.0.3

    Mozilla>>Firefox >> Version 1.0.4

    Mozilla>>Firefox >> Version 1.0.5

    Mozilla>>Firefox >> Version 1.0.6

    Mozilla>>Firefox >> Version 1.0.7

    Mozilla>>Firefox >> Version 1.0.8

    Mozilla>>Firefox >> Version 1.4.1

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5

    Mozilla>>Firefox >> Version 1.5.0.1

    Mozilla>>Firefox >> Version 1.5.0.2

    Mozilla>>Firefox >> Version 1.5.0.3

    Mozilla>>Firefox >> Version 1.5.0.4

    Mozilla>>Firefox >> Version 1.5.0.5

    Mozilla>>Firefox >> Version 1.5.0.6

    Mozilla>>Firefox >> Version 1.5.0.7

    Mozilla>>Firefox >> Version 1.5.0.8

    Mozilla>>Firefox >> Version 1.5.0.9

    Mozilla>>Firefox >> Version 1.5.0.10

    Mozilla>>Firefox >> Version 1.5.0.11

    Mozilla>>Firefox >> Version 1.5.0.12

    Mozilla>>Firefox >> Version 1.5.1

    Mozilla>>Firefox >> Version 1.5.2

    Mozilla>>Firefox >> Version 1.5.3

    Mozilla>>Firefox >> Version 1.5.4

    Mozilla>>Firefox >> Version 1.5.6

    Mozilla>>Firefox >> Version 1.5.7

    Mozilla>>Firefox >> Version 1.5.8

    Mozilla>>Firefox >> Version 1.8

    Mozilla>>Firefox >> Version 2.0

    Mozilla>>Firefox >> Version 2.0

      Mozilla>>Firefox >> Version 2.0

        Mozilla>>Firefox >> Version 2.0

          Mozilla>>Firefox >> Version 2.0.0.3

          Mozilla>>Firefox >> Version 2.0.0.5

          Mozilla>>Firefox >> Version 2.0.0.7

          Mozilla>>Firefox >> Version 2.0.0.8

          Mozilla>>Firefox >> Version 2.0.0.9

          Mozilla>>Firefox >> Version 2.0.0.10

          Mozilla>>Firefox >> Version 2.0.0.11

          Mozilla>>Firefox >> Version 2.0.0.13

          Mozilla>>Firefox >> Version 2.0.0.14

          Mozilla>>Firefox >> Version 2.0.0.16

          Mozilla>>Firefox >> Version 2.0.0.17

          Mozilla>>Firefox >> Version 2.0.0.18

          Mozilla>>Firefox >> Version 2.0.0.19

          Mozilla>>Firefox >> Version 2.0.0.20

          Mozilla>>Firefox >> Version 2.0.0.21

            Mozilla>>Firefox >> Version 2.0_.1

              Mozilla>>Firefox >> Version 2.0_.4

                Mozilla>>Firefox >> Version 2.0_.6

                  Mozilla>>Firefox >> Version 2.0_.9

                    Mozilla>>Firefox >> Version 2.0_.10

                      Mozilla>>Firefox >> Version 2.0_8

                        Mozilla>>Firefox >> Version 3.0

                        Mozilla>>Firefox >> Version 3.0.2

                        Mozilla>>Firefox >> Version 3.0.3

                        Mozilla>>Firefox >> Version 3.0.4

                        Mozilla>>Firefox >> Version 3.0.5

                        Mozilla>>Firefox >> Version 3.0.6

                        Mozilla>>Firefox >> Version 3.0.7

                        Mozilla>>Firefox >> Version 3.0.10

                        References

                        http://www.securityfocus.com/bid/35403
                        Tags : vdb-entry, x_refsource_BID