CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
intrepid
dne
hardy
not-affected
gutsy
not-affected
dapper
not-affected
firefox-3.0
intrepid
Fixed 3.0.6+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 3.0.6+nobinonly-0ubuntu0.8.04.1
released
gutsy
ignored
dapper
dne
iceape
intrepid
dne
hardy
dne
gutsy
not-affected
dapper
dne
iceweasel
intrepid
dne
hardy
dne
gutsy
dne
dapper
dne
seamonkey
intrepid
not-affected
hardy
not-affected
gutsy
dne
dapper
dne
xulrunner
intrepid
not-affected
hardy
not-affected
gutsy
not-affected
dapper
dne
xulrunner-1.9
intrepid
Fixed 1.9.0.6+nobinonly-0ubuntu0.8.10.1
released
hardy
Fixed 1.9.0.6+nobinonly-0ubuntu0.8.04.1
released
gutsy
ignored
dapper
dne
References