Your submission was sent successfully! Close

CVE-2009-3984

Published: 15 December 2009

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Ignored
(uses system xulrunner)
intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Not vulnerable

upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1)
intrepid Needed
(reached end-of-life)
jaunty
Released (2.0.8+build1+nobinonly-0ubuntu0.9.04.1)
karmic
Released (2.0.8+build1+nobinonly-0ubuntu0.9.10.1)
lucid
Released (2.0.8+build1+nobinonly-0ubuntu0.10.04.1)
upstream
Released (2.0.1)
xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.9.0.16+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.16+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (1.9.0.16+nobinonly-0ubuntu0.9.04.1)
karmic Does not exist

lucid Does not exist

upstream
Released (1.9.0.16)
xulrunner-1.9.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

intrepid Does not exist

jaunty
Released (1.9.1.6+nobinonly-0ubuntu0.9.04.1)
karmic
Released (1.9.1.6+nobinonly-0ubuntu0.9.10.1)
lucid Does not exist

upstream Needs triage