Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.3
CVE Id: CVE-2009-0358
Last Modified: 12 Sep 2011 11:00:10
Published: 04 Feb 2009 02:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0358

Summary

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

Vulnerable Systems

Application

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Firefox 3.0.5


References

FEDORA - FEDORA-2009-1399

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=441751

VUPEN - ADV-2009-0313

UBUNTU - USN-717-1

SECTRACK - 1021667

BID - 33598

CONFIRM - http://www.mozilla.org/security/announce/2009/mfsa2009-06.html

MANDRIVA - MDVSA-2009:044

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

SECUNIA - 33869

SECUNIA - 33846

SECUNIA - 33841

SECUNIA - 33831

SECUNIA - 33809

SECUNIA - 33799

REDHAT - RHSA-2009:0256

SUSE - SUSE-SA:2009:009

MISC - http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx


Last Updated: 27 May 2016 10:50:12