3.3

CVE-2009-0358

EPSS 0.19%
Published 04.02.2009 19:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 22

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version3.0

Mozilla ≫ Firefox Version3.0 Updatealpha

Mozilla ≫ Firefox Version3.0 Updatebeta2

Mozilla ≫ Firefox Version3.0 Updatebeta5

Mozilla ≫ Firefox Version3.0.1

Mozilla ≫ Firefox Version3.0.2

Mozilla ≫ Firefox Version3.0.3

Mozilla ≫ Firefox Version3.0.4

Mozilla ≫ Firefox Version3.0.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.381

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html

http://rhn.redhat.com/errata/RHSA-2009-0256.html

http://secunia.com/advisories/33799

http://secunia.com/advisories/33809

http://secunia.com/advisories/33831

http://secunia.com/advisories/33841

http://secunia.com/advisories/33846

http://secunia.com/advisories/33869

http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

http://www.mandriva.com/security/advisories?name=MDVSA-2009:044

http://www.securityfocus.com/bid/33598

http://www.ubuntu.com/usn/usn-717-1

http://www.vupen.com/english/advisories/2009/0313

https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html

http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx

http://www.mozilla.org/security/announce/2009/mfsa2009-06.html

Vendor Advisory

http://www.securitytracker.com/id?1021667

https://bugzilla.mozilla.org/show_bug.cgi?id=441751

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610

https://nvd.nist.gov/vuln/detail/CVE-2009-0358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0358

EUVD