CVE-2009-0358
Published: 4 February 2009
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Does not exist
|
|
upstream |
Not vulnerable
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(3.0.6+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(3.0.6+nobinonly-0ubuntu0.8.10.1)
|
|
upstream |
Released
(3.0.6)
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Not vulnerable
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Not vulnerable
|
|
iceweasel Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1.9.0.6+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.9.0.6+nobinonly-0ubuntu0.8.10.1)
|
|
upstream |
Released
(1.9.06)
|