From the HTTP/1.1 specification on Response Cacheability:

If there is neither a cache validator nor an explicit expiration time associated with a response, we do not expect it to be cached, but certain caches MAY violate this expectation (for example, when little or no network connectivity is available).

That is the theory but I don’t have any information about actual behavior.

I'm reasonably confident it's pretty much left up to the browser. They're trying to find the balancing point between "don't request the same HTML file every time unless we have to" and "don't miss updates if the webmaster was just incompetent". In the olden days space was also a concern, so users would play around with a little slider to set the cache usage - if you could set it all the way to 500MB you were a lucky man!

Nowadays pretty much everything is no-cache or Expires: -1 anyway (generated pages). But otherwise, I'm sure the old guidelines would apply.

I've always looked at the cache headers as an affirmative declaration - this response is good for however long, or it's only good once. But either way, it's defined. If it's left undefined, I wouldn't trust it to be purged.