CVE-2006-6077

Published: Nov 24, 2006Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

Affected (13)

Products: Mozilla: Firefox · Netscape: Navigator

1 product

1 product

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 1.5.0.8
Mozilla Firefox	Version 1.5.0.1
Mozilla Firefox	Version 1.5.0.2
Mozilla Firefox	Version 1.5.0.3
Mozilla Firefox	Version 1.5.0.4
Mozilla Firefox	Version 1.5.0.5
Mozilla Firefox	Version 1.5.0.6
Mozilla Firefox	Version 1.5.0.7
Mozilla Firefox	Version 1.5
Mozilla Firefox	Version 1.5 beta1
Mozilla Firefox	Version 1.5 beta2
Mozilla Firefox	Version 2.0
Netscape Navigator	Version 8.1.2

References (118)

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc (unsafe URL)

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc (unsafe URL)

Source: cve@mitre.org

http://fedoranews.org/cms/node/2713

Source: cve@mitre.org

http://fedoranews.org/cms/node/2728

Source: cve@mitre.org

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Source: cve@mitre.org

http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2007-0077.html

Source: cve@mitre.org

http://secunia.com/advisories/23046

Source: cve@mitre.org

ExploitVendor Advisory

http://secunia.com/advisories/23108

Source: cve@mitre.org

http://secunia.com/advisories/24205

Source: cve@mitre.org

http://secunia.com/advisories/24238

Source: cve@mitre.org

http://secunia.com/advisories/24287

Source: cve@mitre.org

http://secunia.com/advisories/24290

Source: cve@mitre.org

http://secunia.com/advisories/24293

Source: cve@mitre.org

http://secunia.com/advisories/24320

Source: cve@mitre.org

http://secunia.com/advisories/24328

Source: cve@mitre.org

http://secunia.com/advisories/24333

Source: cve@mitre.org

http://secunia.com/advisories/24342

Source: cve@mitre.org

http://secunia.com/advisories/24343

Source: cve@mitre.org

http://secunia.com/advisories/24384

Source: cve@mitre.org

http://secunia.com/advisories/24393

Source: cve@mitre.org

http://secunia.com/advisories/24395

Source: cve@mitre.org

http://secunia.com/advisories/24437

Source: cve@mitre.org

http://secunia.com/advisories/24457

Source: cve@mitre.org

http://secunia.com/advisories/24650

Source: cve@mitre.org

http://secunia.com/advisories/25588

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200703-04.xml

Source: cve@mitre.org

http://securitytracker.com/id?1017271

Source: cve@mitre.org

Exploit

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131

Source: cve@mitre.org

http://www.debian.org/security/2007/dsa-1336

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml

Source: cve@mitre.org

http://www.info-svc.com/news/11-21-2006/

Source: cve@mitre.org

Exploit

http://www.info-svc.com/news/11-21-2006/rcsr1/

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:050

Source: cve@mitre.org

http://www.mozilla.org/security/announce/2007/mfsa2007-02.html

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2007_22_mozilla.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0078.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0079.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0097.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0108.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/452382/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/452431/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/452440/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/452463/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/454982/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455073/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455148/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/461336/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/461809/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/21240

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/22694

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-428-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/4662

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0718

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=360493

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/30470

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-1081

Source: cve@mitre.org

https://issues.rpath.com/browse/RPL-1103

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc (unsafe URL)