CVE-2009-1836

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-1836 at MITRE

Description

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 505563, 514733, 515951

SUSE Security Advisories:

SUSE-SA:2009:034, published Tue, 16 Jun 2009 13:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86	`mozilla >= 1.8_seamonkey_1.1.17-0.6` `mozilla-devel >= 1.8_seamonkey_1.1.17-0.6` `mozilla-dom-inspector >= 1.8_seamonkey_1.1.17-0.6` `mozilla-irc >= 1.8_seamonkey_1.1.17-0.6` `mozilla-mail >= 1.8_seamonkey_1.1.17-0.6` `mozilla-venkman >= 1.8_seamonkey_1.1.17-0.6`	core9.ia64 core9.ppc core9.s390 core9.s390x sles9-nld.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.x86-64 sles9-nld.x86 YOU Patch Nr: 12519
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64	`epiphany >= 1.2.10-0.9` `epiphany-doc >= 1.2.10-0.9` `epiphany-extensions >= 0.8.2-2.10` `epiphany-extensions-devel >= 0.8.2-2.10` `mozilla >= 1.8_seamonkey_1.1.17-0.6` `mozilla-devel >= 1.8_seamonkey_1.1.17-0.6` `mozilla-dom-inspector >= 1.8_seamonkey_1.1.17-0.6` `mozilla-irc >= 1.8_seamonkey_1.1.17-0.6` `mozilla-mail >= 1.8_seamonkey_1.1.17-0.6` `mozilla-venkman >= 1.8_seamonkey_1.1.17-0.6`	core9.ia64 core9.ppc core9.s390 core9.s390x sles9-nld.x86-64 sles9-oes.x86 core9.x86 sles9-nlpos.x86 core9.x86-64 sles9-nld.x86 YOU Patch Nr: 12519
openSUSE 10.3	`seamonkey >= 1.1.18-0.1` `seamonkey-dom-inspector >= 1.1.18-0.1` `seamonkey-irc >= 1.1.18-0.1` `seamonkey-mail >= 1.1.18-0.1` `seamonkey-spellchecker >= 1.1.18-0.1` `seamonkey-venkman >= 1.1.18-0.1`
SLE 11 DESKTOP Unsupported Extras	`MozillaThunderbird >= 2.0.0.22-0.1.1` `MozillaThunderbird-translations >= 2.0.0.22-0.1.1`	SAT Patch Nr: 1090
openSUSE 10.3	`MozillaThunderbird >= 2.0.0.22-0.1` `MozillaThunderbird-devel >= 2.0.0.22-0.1` `MozillaThunderbird-translations >= 2.0.0.22-0.1`

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute