Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim’s browser, as demonstrated by reading the response page of an HTTPS POST request.
blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
rhn.redhat.com/errata/RHSA-2009-0256.html
secunia.com/advisories/33799
secunia.com/advisories/33809
secunia.com/advisories/33831
secunia.com/advisories/33841
secunia.com/advisories/33846
secunia.com/advisories/33869
support.avaya.com/elmodocs2/security/ASA-2009-040.htm
www.mandriva.com/security/advisories?name=MDVSA-2009:044
www.mozilla.org/security/announce/2009/mfsa2009-06.html
www.securityfocus.com/bid/33598
www.securitytracker.com/id?1021667
www.ubuntu.com/usn/usn-717-1
www.vupen.com/english/advisories/2009/0313
bugzilla.mozilla.org/show_bug.cgi?id=441751
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html