You are here: Security Center > Mozilla Foundation Security Advisories > MFSA 2009-06

Mozilla Foundation Security Advisory 2009-06

Title: Directives to not cache pages ignored
Impact: Low
Announced: February 3, 2009
Reporter: Paul Nel
Products: Firefox 3

Fixed in: Firefox 3.0.6


Paul Nel reported that certain HTTP directives to not cache web pages, Cache-Control: no-store and Cache-Control: no-cache for HTTPS pages, were being ignored by Firefox 3. On a shared system, applications relying upon these HTTP directives could potentially expose private data. Another user on the system could use this vulnerability to view improperly cached pages containing private data by navigating the browser back.

Firefox 2 releases are not affected.