CVE-2006-6077

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Navigator
Vendor: CVE Published:; 24 November 2006

Summary

The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

References

http://www.redhat.com/support/errata/RHSA-2007-0078.html

vendor-advisoryx_refsource_REDHAT

http://www.info-svc.com/news/11-21-2006/rcsr1/

x_refsource_MISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 24, 2006
Vulnerability Reserved
Nov 24, 2006