CVE-2009-0358

N/A Unknown

Published: February 04, 2009 Modified: April 23, 2026

Description

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2009-0256.html

Source: secalert@redhat.com

http://secunia.com/advisories/33799

Source: secalert@redhat.com

http://secunia.com/advisories/33809

Source: secalert@redhat.com

http://secunia.com/advisories/33831

Source: secalert@redhat.com

http://secunia.com/advisories/33841

Source: secalert@redhat.com

http://secunia.com/advisories/33846

Source: secalert@redhat.com

http://secunia.com/advisories/33869

Source: secalert@redhat.com

http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:044

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/2009/mfsa2009-06.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/33598

Source: secalert@redhat.com

http://www.securitytracker.com/id?1021667

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-717-1

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0313

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=441751

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610

Source: secalert@redhat.com

https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html

Source: secalert@redhat.com

http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2009-0256.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33799

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33809

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33831

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33841

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33846

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33869

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:044

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2009/mfsa2009-06.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/33598

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1021667

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-717-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/0313

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=441751

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.2%

41th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

mozilla

Related CVEs

CVE-2026-6977 7.3

CVE-2026-31685 N/A

CVE-2026-31684 N/A

CVE-2026-31683 N/A

CVE-2026-31682 N/A