CVE-2009-0358

CVSS v2.0 3.3 (Low)

EPSS 0.04 % (11^th)

Affected Products 1

Advisories 6

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2009-02-04 19:30:00
(15 years ago)
Updated Date: 2017-09-29 01:33:46
(7 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 3.0	cpe:2.3:a:mozilla:firefox:3.0
	Mozilla Firefox 3.0 Alpha	cpe:2.3:a:mozilla:firefox:3.0:alpha
	Mozilla Firefox 3.0 Beta2	cpe:2.3:a:mozilla:firefox:3.0:beta2
	Mozilla Firefox 3.0 Beta5	cpe:2.3:a:mozilla:firefox:3.0:beta5
	Mozilla Firefox 3.0.1	cpe:2.3:a:mozilla:firefox:3.0.1
	Mozilla Firefox 3.0.2	cpe:2.3:a:mozilla:firefox:3.0.2
	Mozilla Firefox 3.0.3	cpe:2.3:a:mozilla:firefox:3.0.3
	Mozilla Firefox 3.0.4	cpe:2.3:a:mozilla:firefox:3.0.4
	Mozilla Firefox 3.0.5	cpe:2.3:a:mozilla:firefox:3.0.5