Detections
Analytics
CVE-2009-0358
medium
Description
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
References
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
https://bugzilla.mozilla.org/show_bug.cgi?id=441751
http://www.vupen.com/english/advisories/2009/0313
http://www.ubuntu.com/usn/usn-717-1
http://www.securitytracker.com/id?1021667
http://www.securityfocus.com/bid/33598
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm
http://secunia.com/advisories/33869
http://secunia.com/advisories/33846
http://secunia.com/advisories/33841
http://secunia.com/advisories/33831
http://secunia.com/advisories/33809
http://secunia.com/advisories/33799
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx