CVE-2009-0358

EUVD-2009-0362
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
3.0
mozillafirefox
3.0:alpha
mozillafirefox
3.0:beta2
mozillafirefox
3.0:beta5
mozillafirefox
3.0.1
mozillafirefox
3.0.2
mozillafirefox
3.0.3
mozillafirefox
3.0.4
mozillafirefox
3.0.5
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
dapper
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
dne
firefox-3.0
dapper
dne
gutsy
ignored
hardy
Fixed 3.0.6+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 3.0.6+nobinonly-0ubuntu0.8.10.1
released
iceape
dapper
dne
gutsy
not-affected
hardy
dne
intrepid
dne
iceweasel
dapper
dne
gutsy
dne
hardy
dne
intrepid
dne
seamonkey
dapper
dne
gutsy
dne
hardy
not-affected
intrepid
not-affected
xulrunner
dapper
dne
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
xulrunner-1.9
dapper
dne
gutsy
ignored
hardy
Fixed 1.9.0.6+nobinonly-0ubuntu0.8.04.1
released
intrepid
Fixed 1.9.0.6+nobinonly-0ubuntu0.8.10.1
released
Common Weakness Enumeration
References
http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://secunia.com/advisories/33799
http://secunia.com/advisories/33809
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/33869
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
http://www.securityfocus.com/bid/33598
http://www.securitytracker.com/id?1021667
http://www.ubuntu.com/usn/usn-717-1
http://www.vupen.com/english/advisories/2009/0313
https://bugzilla.mozilla.org/show_bug.cgi?id=441751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://secunia.com/advisories/33799
http://secunia.com/advisories/33809
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/33869
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
http://www.securityfocus.com/bid/33598
http://www.securitytracker.com/id?1021667
http://www.ubuntu.com/usn/usn-717-1
http://www.vupen.com/english/advisories/2009/0313
https://bugzilla.mozilla.org/show_bug.cgi?id=441751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html