CVE - CVE-2006-6077

CVE-ID
CVE-2006-6077	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:21240 URL:http://www.securityfocus.com/bid/21240 BID:22694 URL:http://www.securityfocus.com/bid/22694 BUGTRAQ:20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords URL:http://www.securityfocus.com/archive/1/452382/100/0/threaded BUGTRAQ:20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords URL:http://www.securityfocus.com/archive/1/452431/100/0/threaded BUGTRAQ:20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords URL:http://www.securityfocus.com/archive/1/452440/100/0/threaded BUGTRAQ:20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords URL:http://www.securityfocus.com/archive/1/452463/100/0/threaded BUGTRAQ:20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip URL:http://www.securityfocus.com/archive/1/454982/100/0/threaded BUGTRAQ:20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip URL:http://www.securityfocus.com/archive/1/455073/100/0/threaded BUGTRAQ:20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip URL:http://www.securityfocus.com/archive/1/455148/100/0/threaded BUGTRAQ:20070226 rPSA-2007-0040-1 firefox URL:http://www.securityfocus.com/archive/1/461336/100/0/threaded BUGTRAQ:20070303 rPSA-2007-0040-3 firefox thunderbird URL:http://www.securityfocus.com/archive/1/461809/100/0/threaded CONFIRM:http://www.mozilla.org/security/announce/2007/mfsa2007-02.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=360493 CONFIRM:https://issues.rpath.com/browse/RPL-1081 CONFIRM:https://issues.rpath.com/browse/RPL-1103 DEBIAN:DSA-1336 URL:http://www.debian.org/security/2007/dsa-1336 FEDORA:FEDORA-2007-281 URL:http://fedoranews.org/cms/node/2713 FEDORA:FEDORA-2007-293 URL:http://fedoranews.org/cms/node/2728 GENTOO:GLSA-200703-04 URL:http://security.gentoo.org/glsa/glsa-200703-04.xml GENTOO:GLSA-200703-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml HP:HPSBUX02153 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HP:SSRT061181 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MANDRIVA:MDKSA-2007:050 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:050 MISC:http://www.info-svc.com/news/11-21-2006/ MISC:http://www.info-svc.com/news/11-21-2006/rcsr1/ OVAL:oval:org.mitre.oval:def:10031 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031 REDHAT:RHSA-2007:0077 URL:http://rhn.redhat.com/errata/RHSA-2007-0077.html REDHAT:RHSA-2007:0078 URL:http://www.redhat.com/support/errata/RHSA-2007-0078.html REDHAT:RHSA-2007:0079 URL:http://www.redhat.com/support/errata/RHSA-2007-0079.html REDHAT:RHSA-2007:0097 URL:http://www.redhat.com/support/errata/RHSA-2007-0097.html REDHAT:RHSA-2007:0108 URL:http://www.redhat.com/support/errata/RHSA-2007-0108.html SECTRACK:1017271 URL:http://securitytracker.com/id?1017271 SECUNIA:23046 URL:http://secunia.com/advisories/23046 SECUNIA:23108 URL:http://secunia.com/advisories/23108 SECUNIA:24205 URL:http://secunia.com/advisories/24205 SECUNIA:24238 URL:http://secunia.com/advisories/24238 SECUNIA:24287 URL:http://secunia.com/advisories/24287 SECUNIA:24290 URL:http://secunia.com/advisories/24290 SECUNIA:24293 URL:http://secunia.com/advisories/24293 SECUNIA:24320 URL:http://secunia.com/advisories/24320 SECUNIA:24328 URL:http://secunia.com/advisories/24328 SECUNIA:24333 URL:http://secunia.com/advisories/24333 SECUNIA:24342 URL:http://secunia.com/advisories/24342 SECUNIA:24343 URL:http://secunia.com/advisories/24343 SECUNIA:24384 URL:http://secunia.com/advisories/24384 SECUNIA:24393 URL:http://secunia.com/advisories/24393 SECUNIA:24395 URL:http://secunia.com/advisories/24395 SECUNIA:24437 URL:http://secunia.com/advisories/24437 SECUNIA:24457 URL:http://secunia.com/advisories/24457 SECUNIA:24650 URL:http://secunia.com/advisories/24650 SECUNIA:25588 URL:http://secunia.com/advisories/25588 SGI:20070202-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc SGI:20070301-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc SLACKWARE:SSA:2007-066-05 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131 SUSE:SUSE-SA:2007:019 URL:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html SUSE:SUSE-SA:2007:022 URL:http://www.novell.com/linux/security/advisories/2007_22_mozilla.html UBUNTU:USN-428-1 URL:http://www.ubuntu.com/usn/usn-428-1 VUPEN:ADV-2006-4662 URL:http://www.vupen.com/english/advisories/2006/4662 VUPEN:ADV-2007-0718 URL:http://www.vupen.com/english/advisories/2007/0718 XF:firefox-passwordmgr-information-disclosure(30470) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/30470
Assigning CNA
MITRE Corporation
Date Record Created
20061124	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061124)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)