Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability

Multiple Web browsers are prone to a man-in-the-middle vulnerability.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how sites are rendered to the user. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

UPDATE (June 17, 2009): This BID had been updated to reflect that the issue affects multiple browsers, not just Mozilla products.


Privacy Statement
Copyright 2010, SecurityFocus