Password Manager Vulnerability in Mozilla Firefox and Netscape Products
CVE-2006-6077

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Navigator
Vendor: CVE Published:; 24 November 2006

Summary

A flaw exists in the Password Manager of Mozilla Firefox and Netscape that fails to properly authenticate the ACTION URL in a FORM that includes a password INPUT element. This oversight permits attackers to access stored passwords by exploiting the password manager on a different page that shares the same website domain. As a result, attackers can capture sensitive user credentials, leading to significant security risks.

References

http://www.redhat.com/support/errata/RHSA-2007-0078.html

vendor-advisoryx_refsource_REDHAT

http://www.info-svc.com/news/11-21-2006/rcsr1/

x_refsource_MISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Nov 24, 2006
Vulnerability Reserved
Nov 24, 2006