CVE-2009-0358 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0358 Interim 1 12 2023-07-07T01:50:36Z current 2021-05-30T12:45:45Z 2023-07-07T01:50:36Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0358 Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html E-Mail link for SUSE-SA:2009:009 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 6 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Server 11 SP1 SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 openSUSE Tumbleweed MozillaFirefox MozillaFirefox-10.0-0.3.2 MozillaFirefox-17.0.4esr-0.10.42 MozillaFirefox-3.5.9-0.1.1 MozillaFirefox-31.7.0esr-0.8.1 MozillaFirefox-92.0-1.2 MozillaFirefox-branding-upstream-92.0-1.2 MozillaFirefox-devel-31.7.0esr-0.8.1 MozillaFirefox-devel-92.0-1.2 MozillaFirefox-translations-10.0-0.3.2 MozillaFirefox-translations-17.0.4esr-0.10.42 MozillaFirefox-translations-3.5.9-0.1.1 MozillaFirefox-translations-31.7.0esr-0.8.1 MozillaFirefox-translations-common-92.0-1.2 MozillaFirefox-translations-other-92.0-1.2 mozilla-xulrunner190-1.9.0.19-0.1.1 mozilla-xulrunner190-32bit-1.9.0.19-0.1.1 mozilla-xulrunner190-gnomevfs-1.9.0.19-0.1.1 mozilla-xulrunner190-translations-1.9.0.19-0.1.1 mozilla-xulrunner190-x86-1.9.0.19-0.1.1 MozillaFirefox-3.5.9-0.1.1 as a component of SUSE Linux Enterprise Server 11 SP1 MozillaFirefox-translations-3.5.9-0.1.1 as a component of SUSE Linux Enterprise Server 11 SP1 mozilla-xulrunner190-1.9.0.19-0.1.1 as a component of SUSE Linux Enterprise Server 11 SP1 mozilla-xulrunner190-32bit-1.9.0.19-0.1.1 as a component of SUSE Linux Enterprise Server 11 SP1 mozilla-xulrunner190-gnomevfs-1.9.0.19-0.1.1 as a component of SUSE Linux Enterprise Server 11 SP1 mozilla-xulrunner190-translations-1.9.0.19-0.1.1 as a component of SUSE Linux Enterprise Server 11 SP1 mozilla-xulrunner190-x86-1.9.0.19-0.1.1 as a component of SUSE Linux Enterprise Server 11 SP1 MozillaFirefox-10.0-0.3.2 as a component of SUSE Linux Enterprise Server 11 SP2 MozillaFirefox-translations-10.0-0.3.2 as a component of SUSE Linux Enterprise Server 11 SP2 MozillaFirefox-17.0.4esr-0.10.42 as a component of SUSE Linux Enterprise Server 11 SP3 MozillaFirefox-translations-17.0.4esr-0.10.42 as a component of SUSE Linux Enterprise Server 11 SP3 MozillaFirefox-31.7.0esr-0.8.1 as a component of SUSE Linux Enterprise Server 11 SP4 MozillaFirefox-translations-31.7.0esr-0.8.1 as a component of SUSE Linux Enterprise Server 11 SP4 MozillaFirefox-devel-31.7.0esr-0.8.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox-devel-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox as a component of SUSE Enterprise Storage 6 Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. CVE-2009-0358 SUSE Linux Enterprise Server 11 SP1:MozillaFirefox-3.5.9-0.1.1 SUSE Linux Enterprise Server 11 SP1:MozillaFirefox-translations-3.5.9-0.1.1 SUSE Linux Enterprise Server 11 SP1:mozilla-xulrunner190-1.9.0.19-0.1.1 SUSE Linux Enterprise Server 11 SP1:mozilla-xulrunner190-32bit-1.9.0.19-0.1.1 SUSE Linux Enterprise Server 11 SP1:mozilla-xulrunner190-gnomevfs-1.9.0.19-0.1.1 SUSE Linux Enterprise Server 11 SP1:mozilla-xulrunner190-translations-1.9.0.19-0.1.1 SUSE Linux Enterprise Server 11 SP1:mozilla-xulrunner190-x86-1.9.0.19-0.1.1 SUSE Linux Enterprise Server 11 SP2:MozillaFirefox-10.0-0.3.2 SUSE Linux Enterprise Server 11 SP2:MozillaFirefox-translations-10.0-0.3.2 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-17.0.4esr-0.10.42 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-17.0.4esr-0.10.42 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-31.7.0esr-0.8.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-31.7.0esr-0.8.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-31.7.0esr-0.8.1 openSUSE Tumbleweed:MozillaFirefox-92.0-1.2 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2 openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2 openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2 openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2 SUSE Enterprise Storage 6:MozillaFirefox low 3.3 AV:A/AC:L/Au:N/C:P/I:N/A:N