What is the severity of CVE-2009-2061?

CVE-2009-2061 has a severity rating that can lead to arbitrary web script execution by a man-in-the-middle, making it a significant security concern.

How do I fix CVE-2009-2061?

To mitigate CVE-2009-2061, upgrade to Mozilla Firefox version 3.0.10 or later, where this issue has been resolved.

What versions of Firefox are affected by CVE-2009-2061?

CVE-2009-2061 affects Mozilla Firefox versions prior to 3.0.10, including various earlier versions.

Can CVE-2009-2061 allow attackers to intercept traffic?

Yes, CVE-2009-2061 allows man-in-the-middle attackers to intercept and redirect HTTPS traffic due to improper handling of HTTP CONNECT responses.

Who is affected by CVE-2009-2061?

Users of vulnerable versions of Mozilla Firefox prior to 3.0.10 are at risk from CVE-2009-2061.

Vulnerability/
CVE-2009-2061

critical

9.3

CWE

310

15/6/2009

17/8/2017

CVE-2009-2061

First published: Mon Jun 15 2009(Updated: )

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	=0.1
Mozilla Firefox	=0.9_rc
Mozilla Firefox	=0.8
Mozilla Firefox	=2.0.0.12
Mozilla Firefox	=1.5-beta2
Mozilla Firefox	=3.0.7
Mozilla Firefox	=1.5.2
Mozilla Firefox	<=3.0.9
Mozilla Firefox	=1.5.0.6
Mozilla Firefox	=1.5.0.10
Mozilla Firefox	=1.5.0.3
Mozilla Firefox	=3.0.8
Mozilla Firefox	=1.5.0.11
Mozilla Firefox	=1.4.1
Mozilla Firefox	=1.5.4
Mozilla Firefox	=1.0.2
Mozilla Firefox	=3.0.4
Mozilla Firefox	=1.5-beta1
Mozilla Firefox	=2.0_.9
Mozilla Firefox	=1.5
Mozilla Firefox	=0.9.1
Mozilla Firefox	=1.0.4
Mozilla Firefox	=2.0.0.7
Mozilla Firefox	=1.0.7
Mozilla Firefox	=2.0.0.9
Mozilla Firefox	=0.10.1
Mozilla Firefox	=2.0_.1
Mozilla Firefox	=0.9
Mozilla Firefox	=1.5.6
Mozilla Firefox	=2.0.0.17
Mozilla Firefox	=0.7
Mozilla Firefox	=2.0.0.15
Mozilla Firefox	=0.2
Mozilla Firefox	=0.3
Mozilla Firefox	=1.0
Mozilla Firefox	=1.5.0.7
Mozilla Firefox	=2.0
Mozilla Firefox	=1.0.1
Mozilla Firefox	=2.0.0.14
Mozilla Firefox	=0.6
Mozilla Firefox	=0.7.1
Mozilla Firefox	=3.0.6
Mozilla Firefox	=1.5.0.8
Mozilla Firefox	=2.0_.5
Mozilla Firefox	=2.0.0.3
Mozilla Firefox	=1.5.0.9
Mozilla Firefox	=1.5.0.5
Mozilla Firefox	=1.5.7
Mozilla Firefox	=1.5.0.12
Mozilla Firefox	=2.0.0.6
Mozilla Firefox	=3.0
Mozilla Firefox	=2.0.0.11
Mozilla Firefox	=1.5.0.2
Mozilla Firefox	=1.0.3
Mozilla Firefox	=3.0.1
Mozilla Firefox	=2.0.0.4
Mozilla Firefox	=0.5
Mozilla Firefox	=0.6.1
Mozilla Firefox	=1.5.1
Mozilla Firefox	=2.0.0.21
Mozilla Firefox	=0.9.3
Mozilla Firefox	=2.0.0.13
Mozilla Firefox	=2.0.0.18
Mozilla Firefox	=2.0-rc2
Mozilla Firefox	=2.0.0.1
Mozilla Firefox	=3.0.2
Mozilla Firefox	=2.0_.6
Mozilla Firefox	=2.0_.4
Mozilla Firefox	=1.5.5
Mozilla Firefox	=0.9.2
Mozilla Firefox	=1.0-preview_release
Mozilla Firefox	=2.0-beta_1
Mozilla Firefox	=2.0.0.20
Mozilla Firefox	=0.9-rc
Mozilla Firefox	=2.0.0.19
Mozilla Firefox	=1.5.8
Mozilla Firefox	=1.5.3
Mozilla Firefox	=0.4
Mozilla Firefox	=1.5.0.4
Mozilla Firefox	=1.5.0.1
Mozilla Firefox	=0.10
Mozilla Firefox	=1.0.5
Mozilla Firefox	=2.0.0.5
Mozilla Firefox	=2.0.0.10
Mozilla Firefox	=2.0-rc3
Mozilla Firefox	=1.0.6
Mozilla Firefox	=1.0.8

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2061?
CVE-2009-2061 has a severity rating that can lead to arbitrary web script execution by a man-in-the-middle, making it a significant security concern.
How do I fix CVE-2009-2061?
To mitigate CVE-2009-2061, upgrade to Mozilla Firefox version 3.0.10 or later, where this issue has been resolved.
What versions of Firefox are affected by CVE-2009-2061?
CVE-2009-2061 affects Mozilla Firefox versions prior to 3.0.10, including various earlier versions.
Can CVE-2009-2061 allow attackers to intercept traffic?
Yes, CVE-2009-2061 allows man-in-the-middle attackers to intercept and redirect HTTPS traffic due to improper handling of HTTP CONNECT responses.
Who is affected by CVE-2009-2061?
Users of vulnerable versions of Mozilla Firefox prior to 3.0.10 are at risk from CVE-2009-2061.

agent/references
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/description
agent/type
agent/event
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/weakness
agent/author
agent/severity
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/0.1
version/mozilla firefox/0.9_rc
version/mozilla firefox/0.8
version/mozilla firefox/2.0.0.12
version/mozilla firefox/1.5-beta2
version/mozilla firefox/3.0.7
version/mozilla firefox/1.5.2
version/mozilla firefox/3.0.9
version/mozilla firefox/1.5.0.6
version/mozilla firefox/1.5.0.10
version/mozilla firefox/1.5.0.3
version/mozilla firefox/3.0.8
version/mozilla firefox/1.5.0.11
version/mozilla firefox/1.4.1
version/mozilla firefox/1.5.4
version/mozilla firefox/1.0.2
version/mozilla firefox/3.0.4
version/mozilla firefox/1.5-beta1
version/mozilla firefox/2.0_.9
version/mozilla firefox/1.5
version/mozilla firefox/0.9.1
version/mozilla firefox/1.0.4
version/mozilla firefox/2.0.0.7
version/mozilla firefox/1.0.7
version/mozilla firefox/2.0.0.9
version/mozilla firefox/0.10.1
version/mozilla firefox/2.0_.1
version/mozilla firefox/0.9
version/mozilla firefox/1.5.6
version/mozilla firefox/2.0.0.17
version/mozilla firefox/0.7
version/mozilla firefox/2.0.0.15
version/mozilla firefox/0.2
version/mozilla firefox/0.3
version/mozilla firefox/1.0
version/mozilla firefox/1.5.0.7
version/mozilla firefox/2.0
version/mozilla firefox/1.0.1
version/mozilla firefox/2.0.0.14
version/mozilla firefox/0.6
version/mozilla firefox/0.7.1
version/mozilla firefox/3.0.6
version/mozilla firefox/1.5.0.8
version/mozilla firefox/2.0_.5
version/mozilla firefox/2.0.0.3
version/mozilla firefox/1.5.0.9
version/mozilla firefox/1.5.0.5
version/mozilla firefox/1.5.7
version/mozilla firefox/1.5.0.12
version/mozilla firefox/2.0.0.6
version/mozilla firefox/3.0
version/mozilla firefox/2.0.0.11
version/mozilla firefox/1.5.0.2
version/mozilla firefox/1.0.3
version/mozilla firefox/3.0.1
version/mozilla firefox/2.0.0.4
version/mozilla firefox/0.5
version/mozilla firefox/0.6.1
version/mozilla firefox/1.5.1
version/mozilla firefox/2.0.0.21
version/mozilla firefox/0.9.3
version/mozilla firefox/2.0.0.13
version/mozilla firefox/2.0.0.18
version/mozilla firefox/2.0-rc2
version/mozilla firefox/2.0.0.1
version/mozilla firefox/3.0.2
version/mozilla firefox/2.0_.6
version/mozilla firefox/2.0_.4
version/mozilla firefox/1.5.5
version/mozilla firefox/0.9.2
version/mozilla firefox/1.0-preview_release
version/mozilla firefox/2.0-beta_1
version/mozilla firefox/2.0.0.20
version/mozilla firefox/0.9-rc
version/mozilla firefox/2.0.0.19
version/mozilla firefox/1.5.8
version/mozilla firefox/1.5.3
version/mozilla firefox/0.4
version/mozilla firefox/1.5.0.4
version/mozilla firefox/1.5.0.1
version/mozilla firefox/0.10
version/mozilla firefox/1.0.5
version/mozilla firefox/2.0.0.5
version/mozilla firefox/2.0.0.10
version/mozilla firefox/2.0-rc3
version/mozilla firefox/1.0.6
version/mozilla firefox/1.0.8

CVE-2009-2061

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2061?

How do I fix CVE-2009-2061?

What versions of Firefox are affected by CVE-2009-2061?

Can CVE-2009-2061 allow attackers to intercept traffic?

Who is affected by CVE-2009-2061?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-2061?

How do I fix CVE-2009-2061?

What versions of Firefox are affected by CVE-2009-2061?

Can CVE-2009-2061 allow attackers to intercept traffic?

Who is affected by CVE-2009-2061?