Your submission was sent successfully! Close

CVE-2009-0358

Published: 04 February 2009

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

firefox-3.0
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.6)
iceape
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

iceweasel
Launchpad, Ubuntu, Debian
Upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

xulrunner
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.06)