Unrated severityNVD Advisory· Published Feb 4, 2009· Updated Jun 16, 2026
CVE-2009-0358
CVE-2009-0358
Description
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
- (no CPE)range: <3.0.6
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
19- www.mozilla.org/security/announce/2009/mfsa2009-06.htmlnvdVendor Advisory
- blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspxnvd
- lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.htmlnvd
- rhn.redhat.com/errata/RHSA-2009-0256.htmlnvd
- secunia.com/advisories/33799nvd
- secunia.com/advisories/33809nvd
- secunia.com/advisories/33831nvd
- secunia.com/advisories/33841nvd
- secunia.com/advisories/33846nvd
- secunia.com/advisories/33869nvd
- support.avaya.com/elmodocs2/security/ASA-2009-040.htmnvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/33598nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-717-1nvd
- www.vupen.com/english/advisories/2009/0313nvd
- bugzilla.mozilla.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610nvd
- www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.htmlnvd
News mentions
0No linked articles in our index yet.