Your submission was sent successfully! Close

CVE-2009-0358

Published: 4 February 2009

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Not vulnerable

gutsy Not vulnerable

hardy Not vulnerable

intrepid Does not exist

upstream Not vulnerable

firefox-3.0
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (3.0.6+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (3.0.6+nobinonly-0ubuntu0.8.10.1)
upstream
Released (3.0.6)
iceape
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Not vulnerable

hardy Does not exist

intrepid Does not exist

upstream Not vulnerable

iceweasel
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy Not vulnerable

intrepid Not vulnerable

upstream Not vulnerable

xulrunner
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Not vulnerable

hardy Not vulnerable

intrepid Not vulnerable

upstream Not vulnerable

xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (1.9.0.6+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.6+nobinonly-0ubuntu0.8.10.1)
upstream
Released (1.9.06)