Home > Vulnerability Database > CVE-2009-0358

Mend.io Vulnerability Database

CVE-2009-0358

Date: February 4, 2009

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

Severity Score

4.3

Related Resources (23)

Url: http://secunia.com/advisories/33841

Url: http://secunia.com/advisories/33831

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:044

Url: http://secunia.com/advisories/33799

Url: http://www.vupen.com/english/advisories/2009/0313

Url: http://rhn.redhat.com/errata/RHSA-2009-0256.html

Url: http://secunia.com/advisories/33846

Url: http://secunia.com/advisories/33869

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0358

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=441751

Url: http://www.ubuntu.com/usn/usn-717-1

Url: http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm

Url: http://www.mozilla.org/security/announce/2009/mfsa2009-06.html

Url: https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html

Url: http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx

Url: http://www.securityfocus.com/bid/33598

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0358

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610

Url: https://access.redhat.com/security/cve/CVE-2009-0358

Url: http://www.securitytracker.com/id?1021667

Url: http://secunia.com/advisories/33809

Url: https://www.mend.io/vulnerability-database/CVE-2009-0358

Severity Score

4.3

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	3.3
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2009-0358

Date: February 4, 2009

Severity Score

Related Resources (23)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?