CVE-2009-0358
8.3 High
AI Score
Confidence
High
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.3%
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim’s browser, as demonstrated by reading the response page of an https POST request.
References
blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
rhn.redhat.com/errata/RHSA-2009-0256.html
secunia.com/advisories/33799
secunia.com/advisories/33809
secunia.com/advisories/33831
secunia.com/advisories/33841
secunia.com/advisories/33846
secunia.com/advisories/33869
support.avaya.com/elmodocs2/security/ASA-2009-040.htm
www.mandriva.com/security/advisories?name=MDVSA-2009:044
www.mozilla.org/security/announce/2009/mfsa2009-06.html
www.securityfocus.com/bid/33598
www.securitytracker.com/id?1021667
www.ubuntu.com/usn/usn-717-1
www.vupen.com/english/advisories/2009/0313
bugzilla.mozilla.org/show_bug.cgi?id=441751
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
Related
8.3 High
AI Score
Confidence
High
3.3 Low
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
9.3%