CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
intrepid
dne
hardy
not-affected
gutsy
not-affected
dapper
not-affected
firefox-3.0
intrepid
Fixed 3.0.6+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 3.0.6+nobinonly-0ubuntu0.8.04.1
released
gutsy
ignored
dapper
dne
iceape
intrepid
dne
hardy
dne
gutsy
not-affected
dapper
dne
iceweasel
intrepid
dne
hardy
dne
gutsy
dne
dapper
dne
seamonkey
intrepid
not-affected
hardy
not-affected
gutsy
dne
dapper
dne
xulrunner
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
dne
xulrunner-1.9
intrepid
Fixed 1.9.0.6+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 1.9.0.6+nobinonly-0ubuntu0.8.04.1
released
gutsy
ignored
dapper
dne
Common Weakness Enumeration
References
http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://secunia.com/advisories/33799
http://secunia.com/advisories/33809
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/33869
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
http://www.securityfocus.com/bid/33598
http://www.securitytracker.com/id?1021667
http://www.ubuntu.com/usn/usn-717-1
http://www.vupen.com/english/advisories/2009/0313
https://bugzilla.mozilla.org/show_bug.cgi?id=441751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://secunia.com/advisories/33799
http://secunia.com/advisories/33809
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/33869
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
http://www.securityfocus.com/bid/33598
http://www.securitytracker.com/id?1021667
http://www.ubuntu.com/usn/usn-717-1
http://www.vupen.com/english/advisories/2009/0313
https://bugzilla.mozilla.org/show_bug.cgi?id=441751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html