3.3

CVE-2009-0358

EPSS 0.19%
Veröffentlicht 04.02.2009 19:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version3.0

Mozilla ≫ Firefox Version3.0 Updatealpha

Mozilla ≫ Firefox Version3.0 Updatebeta2

Mozilla ≫ Firefox Version3.0 Updatebeta5

Mozilla ≫ Firefox Version3.0.1

Mozilla ≫ Firefox Version3.0.2

Mozilla ≫ Firefox Version3.0.3

Mozilla ≫ Firefox Version3.0.4

Mozilla ≫ Firefox Version3.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.381

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html

http://rhn.redhat.com/errata/RHSA-2009-0256.html

http://secunia.com/advisories/33799

http://secunia.com/advisories/33809

http://secunia.com/advisories/33831

http://secunia.com/advisories/33841

http://secunia.com/advisories/33846

http://secunia.com/advisories/33869

http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

http://www.mandriva.com/security/advisories?name=MDVSA-2009:044

http://www.securityfocus.com/bid/33598

http://www.ubuntu.com/usn/usn-717-1

http://www.vupen.com/english/advisories/2009/0313

https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html

http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx

http://www.mozilla.org/security/announce/2009/mfsa2009-06.html

Vendor Advisory

http://www.securitytracker.com/id?1021667

https://bugzilla.mozilla.org/show_bug.cgi?id=441751

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610

https://nvd.nist.gov/vuln/detail/CVE-2009-0358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0358

EUVD