CVSS2

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:A/AC:L/Au:N/C:P/I:N/A:N |

Score | Detail |
---|---|
AI Score | Confidence: Low |
EPSS | Percentile: 10.1% |

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim’s browser, as demonstrated by reading the response page of an https POST request.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | firefox | 3.0 | cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:* |
mozilla | firefox | 3.0 | cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:* |
mozilla | firefox | 3.0 | cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:* |
mozilla | firefox | 3.0 | cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:* |
mozilla | firefox | 3.0.1 | cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* |
mozilla | firefox | 3.0.2 | cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* |
mozilla | firefox | 3.0.3 | cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* |
mozilla | firefox | 3.0.4 | cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* |
mozilla | firefox | 3.0.5 | cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* |
blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
rhn.redhat.com/errata/RHSA-2009-0256.html
secunia.com/advisories/33799
secunia.com/advisories/33809
secunia.com/advisories/33831
secunia.com/advisories/33841
secunia.com/advisories/33846
secunia.com/advisories/33869
support.avaya.com/elmodocs2/security/ASA-2009-040.htm
www.mandriva.com/security/advisories?name=MDVSA-2009:044
www.mozilla.org/security/announce/2009/mfsa2009-06.html
www.securityfocus.com/bid/33598
www.securitytracker.com/id?1021667
www.ubuntu.com/usn/usn-717-1
www.vupen.com/english/advisories/2009/0313
bugzilla.mozilla.org/show_bug.cgi?id=441751
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html