CVE-2009-3984 (retired)

Priority
Description
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before
2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or
a file URL by setting document.location to an https URL corresponding to a
site that responds with a No Content (aka 204) status code and an empty
body.
Package
Upstream:needs-triage
Package
Upstream:released (2.0.1)
Package
Upstream:released (1.9.0.16)
Package
Upstream:needs-triage
More Information

Updated: 2019-09-19 15:19:50 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)