Download Firefox

Firefox is no longer supported on Windows 8.1 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox is no longer supported on macOS 10.14 and below.

Please download Firefox ESR (Extended Support Release) to use Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2009-27

SSL tampering via non-200 responses to proxy CONNECT requests

Announced
June 11, 2009
Reporter
Shuo Chen, Ziqing Mao, Yi-Min Wang, Ming Zhang
Impact
High
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 3.0.10
  • SeaMonkey 1.1.17
  • Thunderbird 2.0.0.22

Description

Microsoft security researchers Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang reported that when a CONNECT request is sent to a proxy server and a non-200 response is returned, then the body of the response is incorrectly rendered within the context of the request Host: header. An active network attacker could use this vulnerability to intercept a CONNECT request and reply with a non-200 response containing malicious code which would be executed within the context of the victim's requested SSL-protected domain. Since this attack requires the victim to have a proxy configured, the severity of this issue was determined to be high.

Thunderbird mail messages are not vulnerable to this flaw, but if Thunderbird were being used in a browser-like manner (through Add-ons, perhaps) and JavaScript were enabled (not the default settng) then users could be vulnerable to this flaw in older versions.

References