Unrated severityNVD Advisory· Published Feb 4, 2009· Updated Apr 23, 2026
CVE-2009-0358
CVE-2009-0358
Description
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
Affected products
9cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- www.mozilla.org/security/announce/2009/mfsa2009-06.htmlnvdVendor Advisory
- blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspxnvd
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.htmlnvd
- rhn.redhat.com/errata/RHSA-2009-0256.htmlnvd
- secunia.com/advisories/33799nvd
- secunia.com/advisories/33809nvd
- secunia.com/advisories/33831nvd
- secunia.com/advisories/33841nvd
- secunia.com/advisories/33846nvd
- secunia.com/advisories/33869nvd
- support.avaya.com/elmodocs2/security/ASA-2009-040.htmnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/33598nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-717-1nvd
- www.vupen.com/english/advisories/2009/0313nvd
- bugzilla.mozilla.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610nvd
- www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.htmlnvd
News mentions
0No linked articles in our index yet.