CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
10.1%
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1)
no-store and (2) no-cache Cache-Control directives, which allows local
users to obtain sensitive information by using the (a) back button or (b)
history list of the victim’s browser, as demonstrated by reading the
response page of an https POST request.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | firefox-3.0 | < 3.0.6+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | firefox-3.0 | < 3.0.6+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 8.04 | noarch | xulrunner-1.9 | < 1.9.0.6+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | xulrunner-1.9 | < 1.9.0.6+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |